Suricata Error PHP Fatal error: Allowed memory size of 536870912 bytes exhausted (tried to allocate 540538808 bytes) in /usr/local/www/suricata/suricata_logs_browser.php on line 54

Chinojames

Hi everyone, need help. my pfsense encountered suricata error.

PHP Fatal error: Allowed memory size of 536870912 bytes exhausted (tried to allocate 540538808 bytes) in /usr/local/www/suricata/suricata_logs_browser.php on line 54

Anyone knows what is this? how do i fix it? how do i avoid it?

Thanks for the answer in advance.

bmeeks

You've allowed your log file to get too large and it won't fit into the available PHP memory allocation.

You need to be sure you have the automatic log management functions enabled on the LOG MGMT tab. The default settings are usually sufficient.

The only fix for the file you were trying to open is to transfer it off the firewall and browse it on another platform (Windows or Linux) using a text editor there.

The code on the LOGS VIEW tab is very limited. It has to read the entire log file you are attempting to view into memory and then display it from there. It does not read the file line-by-line or even as blocks of text because of the overhead required to keep place using PHP web sessions. A web-based GUI such as pfSense uses is not the same has running as a program in say Windows. Each time a page of web text is sent to you via the GUI, that session essentially ends and there is no saved "state" so the code does not know where it left off when reading the log file.

Chinojames

@bmeeks said in Suricata Error PHP Fatal error: Allowed memory size of 536870912 bytes exhausted (tried to allocate 540538808 bytes) in /usr/local/www/suricata/suricata_logs_browser.php on line 54:

sure

the automatic log management is enabled already. how can i avoid this error? you said i allowed my log files to get too large, how can i manage my log file and reduce it to the limit so that this error will not occur anymore. or whats the best should i do? my pfsense keep on giving me this error and it said fatal error. thanks for your response.

bmeeks

@Chinojames said in Suricata Error PHP Fatal error: Allowed memory size of 536870912 bytes exhausted (tried to allocate 540538808 bytes) in /usr/local/www/suricata/suricata_logs_browser.php on line 54:

@bmeeks said in Suricata Error PHP Fatal error: Allowed memory size of 536870912 bytes exhausted (tried to allocate 540538808 bytes) in /usr/local/www/suricata/suricata_logs_browser.php on line 54:

sure

the automatic log management is enabled already. how can i avoid this error? you said i allowed my log files to get too large, how can i manage my log file and reduce it to the limit so that this error will not occur anymore. or whats the best should i do? my pfsense keep on giving me this error and it said fatal error. thanks for your response.

Are you running the most recent version of the Suricata package? When you go to SYSTEM > PACKAGE MANAGER does it show any update available? If it does, install that update. There was an issue some time back where the autotmatic log management was not functioning properly.

What exactly are you trying to view when you get this error? Which log file are you choosing? Or does this error happen before you choose any log to view?

Looking at the code in the area of line 54, I see that it is attempting to load the contents of the log file into memory in preparation for viewing. The log file is larger than the amount of available PHP memory in pfSense, hence the crash. You will not be able to open that file in the web GUI.

It is possible that on a busy network, you may have to reduce the file size limits substantially in order to keep some logs from chatty sub-systems from getting too large. The Suricata binary itself does not have built-in log limiting for some logs, so the GUI code does its own check every 5 minutes of log file sizes and prunes and rotates when necessary. However, on a very busy network a log file can possibly get very large (beyond 200-500 MBytes) in that short period of time.