Netgate Discussion Forum

    Suricata 6.0.3_3 Package Update -- Release Notes

    • bmeeks

      Suricata v6.0.3_3 Release Notes

      This update contains two bug fixes and one minor new feature. This release is now available for both the DEVEL and RELEASE branches of pfSense.

      New Features:

      1. Add option to the INTERFACE SETTINGS tab for enabling more verbose logging in the suricata.log file from Suricata when starting up and shutting down an interface instance.

      Bug Fixes:

      1. When using Inline IPS Mode with VLANs, because the netmap device cannot process VLAN tags, Suricata should pass the VLAN's parent interface as the physical interface where netmap will operate. This corrects an issue where Inline IPS Mode interfaces on VLANs failed to start with the new multiple host rings netmap code.

      2. The default value for TCP Stream Memcap (on the FLOW/STREAM tab) for greenfield installs is increased from 64 MB to 128 MB. This higher value is more likely to be needed with modern higher core-count processors. If you run into a situation where Suricata fails to start and logs an error about failing to allocate memory, go to the FLOW/STREAM tab and scroll down to the Stream Memory Cap and Reassembly Memory Cap parameters and try increasing their values to 131217728.

      Note this change only impacts a new greenfield install! Existing installations will not be modified! The user should make their own modifications to any existing Suricata installation if desired.

      • xm4rcell0x

        PHP Fatal error:  Allowed memory size of 536870912 bytes exhausted (tried to allocate 227565568 bytes) in /usr/local/www/suricata/suricata_logs_browser.php on line 59
        

        Is this error related to the memory cap? I have changed the values to this new one just now :)
        I have also activated the verbose logging... maybe it's the problem. I don't know.

        • SteveITS @xm4rcell0x

          @xm4rcell0x the "PHP" error means PHP can't read a file that big into memory. Are your log files not rotating?


          • xm4rcell0x @SteveITS

            @steveits I think yes, because when I tried to reload Suricata it wouldn't refresh the suricata.log.
            I think I have solved it after 2 or 3 reloads.

            • bmeeks

              Yes, that is a common PHP error when attempting to load and read very large log files. PHP must load the entire file contents into memory, then stream that memory data out to your browser. There is a limited amount of system memory allocated to the PHP process, thus when it tries to open a very large file it will exhaust the memory reserved for PHP processes.

              You can view the file from the CLI using something like the vi editor, or you can use various forms of sftp to connect and grab the file. One of my favorite tools for this kind of stuff is WinSCP.

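Added example, not part of the original thread or of the Suricata package: a few POSIX shell helpers for the CLI route described in the last post, which find log files too large for the GUI log browser and read only their tail or matching lines. The function names, the 100 MB default threshold and the directory and pattern arguments are assumptions supplied for illustration.

```shell
#!/bin/sh
# Added example: inspect oversized Suricata logs from the shell instead of
# loading them through the PHP log browser. All names here are hypothetical.

# Default threshold in bytes (assumption: 100 MB). The error quoted in the
# thread shows a 227565568-byte allocation failing under a 536870912-byte
# limit, so the cut-off should sit well below the PHP limit itself.
DEFAULT_MAX_BYTES=104857600

# size_of FILE: print the size of FILE in bytes.
size_of() {
    wc -c < "$1" | tr -d ' '
}

# oversized_logs DIR [MAX_BYTES]: print "SIZE PATH" for every regular file
# directly under DIR that is larger than MAX_BYTES, largest first.
oversized_logs() {
    dir=$1
    max=${2:-$DEFAULT_MAX_BYTES}
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        sz=$(size_of "$f")
        if [ "$sz" -gt "$max" ]; then
            printf '%s %s\n' "$sz" "$f"
        fi
    done | sort -rn
}

# tail_log FILE [LINES]: print only the last LINES lines (default 200).
# tail works from the end of the file, so memory use stays small no matter
# how large the log has grown.
tail_log() {
    tail -n "${2:-200}" -- "$1"
}

# search_log FILE PATTERN [LINES]: stream FILE through grep and keep the
# last LINES case-insensitive matches (default 50), e.g. to look for the
# memory allocation errors mentioned in the release notes.
search_log() {
    grep -i -e "$2" -- "$1" | tail -n "${3:-50}"
}
```

Pass the directory that holds the interface's suricata.log to `oversized_logs`; anything it lists is a candidate for rotation before the log browser is opened again.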