Suricata-related PHP errors are being displayed.
-
I am using suricata and now I was getting this error in PFsense. I have set a size limit for the suricata log directory as a workaround, but is there some other setting that could resolve this?
check this option : Log Directory Size Limit Enable Directory Size Limit
ErrorMessage is below :
Crash report begins. Anonymous machine information:
amd64
12.3-STABLE
FreeBSD 12.3-STABLE RELENG_2_6_0-n226742-1285d6d205f pfSenseCrash report details:
PHP Errors:
[03-Feb-2023 15:01:51 Asia/Tokyo] PHP Fatal error: Allowed memory size of 536870912 bytes exhausted (tried to allocate 493511028 bytes) in /usr/local/www/suricata/suricata_logs_browser.php on line 58 -
@yet_learningpfsense The PHP memory size is related to PHP not being able to read in the log file.
How big are your log files getting, how fast?
Here's a thread that talks about increasing the PHP limits:
https://forum.netgate.com/topic/142702/allowed-memory-size-exhausted
...though it's probably preferable to get the logging under control. -
When you view logs using the tools under LOGS VIEW, the package attempts to load the entire log file into an in-memory string. That's just how PHP works by default. But if the log file is too large, then there is not enough free PHP memory to hold the file's contents and the error you see is thrown.
The only fix is to either view the log using an external editor, or enable all the log rotation and size limit options on the LOGS MGMT tab. Simply enabling the Directory Size Limit is not enough if your individual files are getting huge. You need to enable the log file size limits as well.
The amount of memory available for PHP is hard-coded. It does not matter how much free RAM you may have on your firewall, PHP is configured to use about 512 MB as its limit.
-
SteveITS , >>bmeeks
Thanks for the reply. As you indicated, I've set the log directory size limit and the error message no longer appears! I will continue to use this device, thank you both.