Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    PHP errors - Suricata Ver. 4.1.4_3

    Scheduled Pinned Locked Moved IDS/IPS
    4 Posts 3 Posters 241 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      bclothier
      last edited by

      I am getting PHP errors when clicking through certain GUI portions of Suricata (e.g., the log files under Logs View). See snapshot below. I have version 4.1.4_3 of Suricata installed on pfSense 2.4.4-RELEASE-p3.

      2019-06-10_23-49-13.jpg

      1 Reply Last reply Reply Quote 0
      • GertjanG
        Gertjan
        last edited by

        Hi,

        Suricata can produces log files. Huge logs files.
        These tend to eat all disk space, pfSense won't like that. Neraly every week some on is posting about

        The GUI (= PHP) will not be able to 'handle' big files. I guess you wanted to use the GUI to shows some logs.
        Don't.
        Use a specialized text editor like Notepad++ - and know you way around : where to find the file.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        1 Reply Last reply Reply Quote 0
        • bmeeksB
          bmeeks
          last edited by

          The Suricata log files, especially if you have a busy network, can become quite large -- to large in fact for the GUI to display their content. As you are seeing, the box runs out of PHP reserved memory when trying to load the file contents into a string for display.

          I've been toying with another mechanism to read the logs in snippets for displaying, but the details of that are a little complex to code as you need to keep up with where you are in the file even when one PHP session (or page) ends and another is created for the next page of log results. Nonetheless, this feature has been on my TODO list for quite some time.

          In the interim, use a tool besides the pfSense GUI to open and view the logs. I use WinSCP to establish an SFTP session with my firewall and then browse the logs that way. The Suricata logs will be in the directory /var/log/suricata with each configured interface having its own unique sub-directory under that tree.

          1 Reply Last reply Reply Quote 0
          • B
            bclothier
            last edited by

            @bmeeks @Gertjan

            Thanks for the feedback. I deleted the log files (with Suricata disabled) and then restarted Suricata. The PHP errors have disappeared.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.