PHP errors - Suricata Ver. 4.1.4_3



  • I am getting PHP errors when clicking through certain GUI portions of Suricata (e.g., the log files under Logs View). See snapshot below. I have version 4.1.4_3 of Suricata installed on pfSense 2.4.4-RELEASE-p3.

    2019-06-10_23-49-13.jpg



  • Hi,

    Suricata can produce log files. Huge log files.
    These tend to eat all disk space, pfSense won't like that. Nearly every week someone is posting about

    The GUI (= PHP) will not be able to 'handle' big files. I guess you wanted to use the GUI to show some logs.
    Don't.
    Use a specialized text editor like Notepad++ - and know your way around: where to find the file.



  • The Suricata log files, especially if you have a busy network, can become quite large -- too large in fact for the GUI to display their content. As you are seeing, the box runs out of PHP reserved memory when trying to load the file contents into a string for display.

    I've been toying with another mechanism to read the logs in snippets for displaying, but the details of that are a little complex to code as you need to keep up with where you are in the file even when one PHP session (or page) ends and another is created for the next page of log results. Nonetheless, this feature has been on my TODO list for quite some time.

    In the interim, use a tool besides the pfSense GUI to open and view the logs. I use WinSCP to establish an SFTP session with my firewall and then browse the logs that way. The Suricata logs will be in the directory /var/log/suricata with each configured interface having its own unique sub-directory under that tree.
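
A sketch of the snippet-by-snippet reading described in the post above, added here as an example; it is not part of the original post or of the Suricata package's code. The function name `read_log_page` and its parameters are hypothetical, and the sample log file is constructed.

```php
<?php
/**
 * Return up to $maxLines lines starting at byte $offset, plus the offset at
 * which the next page starts. The caller carries 'next' from one request to
 * the following one (for example as a query parameter), so nothing has to
 * survive on the server between PHP page loads, and memory use is bounded
 * by $maxLines * $maxLineBytes regardless of the file size.
 */
function read_log_page(string $path, int $offset = 0, int $maxLines = 200, int $maxLineBytes = 8192): array
{
    $fh = fopen($path, 'rb');
    if ($fh === false) {
        throw new RuntimeException("cannot open $path");
    }
    $size = fstat($fh)['size'];
    // The offset comes from the client, so clamp it. A file that shrank since
    // the last request (rotation or truncation) restarts from the beginning.
    if ($offset < 0 || $offset > $size) {
        $offset = 0;
    }
    fseek($fh, $offset);
    $lines = [];
    // fgets() reads at most length-1 bytes, so an over-long line is returned
    // in $maxLineBytes pieces instead of as one huge string.
    while (count($lines) < $maxLines && ($line = fgets($fh, $maxLineBytes + 1)) !== false) {
        $lines[] = rtrim($line, "\r\n");
    }
    $next = ftell($fh);
    fclose($fh);
    return ['lines' => $lines, 'next' => $next, 'eof' => $next >= $size];
}

// Constructed sample: a temporary file standing in for a Suricata log.
$tmp = tempnam(sys_get_temp_dir(), 'log');
for ($i = 1; $i <= 5; $i++) {
    file_put_contents($tmp, "constructed log line $i\n", FILE_APPEND);
}

// Walk the file two lines at a time, as successive page requests would.
$offset = 0;
do {
    $page = read_log_page($tmp, $offset, 2);
    foreach ($page['lines'] as $l) {
        echo htmlspecialchars($l), "\n"; // log text is untrusted; escape before rendering
    }
    $offset = $page['next'];
} while (!$page['eof']);
unlink($tmp);
```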



  • @bmeeks @Gertjan

    Thanks for the feedback. I deleted the log files (with Suricata disabled) and then restarted Suricata. The PHP errors have disappeared.

