Unable to access tls.log in Suricata after certain size
-
After a Suricata log grow beyond a certain size, it return error
[0_1632216720856_PHP_errors.log](Uploading 100%) PHP_errors.log.zip
-
Yes, this is a known issue with pretty much any application using PHP that tries to load and render large text files. The PHP code is attempting to load the entire file into a string variable, then it pumps the contents of that string out to your browser. There is not enough allocated memory in the PHP subsystem to load the entire file into the in-memory string variable, thus the error.
You will need to browse that file using some other tool that can read in only pieces at the time. Or better yet, turn on the automatic log managment functions on the LOGS MGMT tab and set the maximum file size for the various logs to relatively low values. I suggest making 1 MB the maximum, with 250K or 500K being even better.
-
@bmeeks said in Unable to access tls.log in Suricata after certain size:
some other tool
@jorgek : Activate the SSH access - port 22.
Use an SFTP capable program like WinSCP.
Use a decent text file viewer, like Notepad++Now you can view, and more, any sized file.
Remember : PHP's main job is building web browser html pages. These tend to be small, so they can load fast.
A web page shouldn't be "500 Mega" in size.Big log files, the ones produces by web, mail dns etc server can grow fast, grow big, and can't be 'showed' with a web browser. And if it was possible, using some custom javascript, ploughing through the (log) file and sending it over, part after part, would be painfully slow.
The command line access rulez forever ;)
-