Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Unable to access tls.log in Suricata after certain size

    Scheduled Pinned Locked Moved IDS/IPS
    4 Posts 3 Posters 538 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      jorgek
      last edited by jorgek

      After a Suricata log grow beyond a certain size, it return error

      51eb12bc-0a35-4296-90d5-8b93cc271a61-image.png[0_1632216720856_PHP_errors.log](Uploading 100%) PHP_errors.log.zip

      1 Reply Last reply Reply Quote 0
      • bmeeksB
        bmeeks
        last edited by

        Yes, this is a known issue with pretty much any application using PHP that tries to load and render large text files. The PHP code is attempting to load the entire file into a string variable, then it pumps the contents of that string out to your browser. There is not enough allocated memory in the PHP subsystem to load the entire file into the in-memory string variable, thus the error.

        You will need to browse that file using some other tool that can read in only pieces at the time. Or better yet, turn on the automatic log managment functions on the LOGS MGMT tab and set the maximum file size for the various logs to relatively low values. I suggest making 1 MB the maximum, with 250K or 500K being even better.

        GertjanG 1 Reply Last reply Reply Quote 1
        • GertjanG
          Gertjan @bmeeks
          last edited by

          @bmeeks said in Unable to access tls.log in Suricata after certain size:

          some other tool

          @jorgek : Activate the SSH access - port 22.
          Use an SFTP capable program like WinSCP.
          Use a decent text file viewer, like Notepad++

          Now you can view, and more, any sized file.

          Remember : PHP's main job is building web browser html pages. These tend to be small, so they can load fast.
          A web page shouldn't be "500 Mega" in size.

          Big log files, the ones produces by web, mail dns etc server can grow fast, grow big, and can't be 'showed' with a web browser. And if it was possible, using some custom javascript, ploughing through the (log) file and sending it over, part after part, would be painfully slow.

          The command line access rulez forever ;)

          No "help me" PM's please. Use the forum, the community will thank you.
          Edit : and where are the logs ??

          J 1 Reply Last reply Reply Quote 1
          • J
            jorgek @Gertjan
            last edited by

            @gertjan @bmeeks Thanks. I reduced the value to half size from default and I will grab using SFTP. cheers

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.