Netgate Discussion Forum

    Snort Widget Error Blowing up PHP_Errors.log

      reggie14

      Every 2-3 weeks I discover my PHP_errors.log file has blown up, jumping to 1-2GB.  It's always the same thing:

      
      [01-Jul-2015 08:30:35 US/Eastern] PHP Warning:  fopen(/tmp/alert_snort15008): failed to open stream: No such file or directory in /usr/local/www/widgets/widgets/snort_alerts.widget.php on line 128
      [01-Jul-2015 08:30:35 US/Eastern] PHP Warning:  fgetcsv() expects parameter 1 to be resource, boolean given in /usr/local/www/widgets/widgets/snort_alerts.widget.php on line 129
      [01-Jul-2015 08:30:35 US/Eastern] PHP Warning:  fgetcsv() expects parameter 1 to be resource, boolean given in /usr/local/www/widgets/widgets/snort_alerts.widget.php on line 129
      ...
      

      Those last lines repeat a total of about 6 million times over the course of 5 minutes.  I'm not exaggerating.  That grew PHP_errors.log to 1.3GB this time.

      As the lines suggest, I do have snort installed, as well as the widget running on the main screen.  I looked at the alert log and system log to see if anything in particular happened at or around 8:30, but there's nothing at that time, and nothing around it that looks the least bit suspicious.

      Any ideas?

        bmeeks

        Something is possibly corrupt in your alert log file.  If you can, clear the alert logs by going to the ALERTS tab and using the GUI option to clear out the alerts.  That will empty out the files.  Also be sure your time zone is set correctly.  There were some reported issues with 2.2.3 upgrades not correctly resetting time zone preferences.  Since Snort uses the local time to stamp the alert times with, if the time zone is incorrect or corrupted, that could cause this problem.

        Scratch this reply and see the one that follows…

        Bill

          bmeeks

          Scratch my earlier reply.  I forgot how my own code works …  :-[

          The Widget code first verifies an alert log file exists for the interface, then it tails the configured number of entries from it and writes those "tailed" entries to a temp file in the /tmp directory.  The code then verifies the temp file exists in /tmp and then opens it for reading.  The opening for reading is failing in your case, but the error says it's failing because the file does not exist.  However, before the open is attempted, a call is made to verify the file exists, so I really don't know what is going on in your case.

          I can add another layer of error-checking to the Widget code and will do so in the next update.

          Bill
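
An exists-check followed by fopen() can still fail if the temp file disappears between the two calls, and on PHP versions of that era fgetcsv() returned NULL (not FALSE) for an invalid handle, so a read loop that only tests for FALSE would keep emitting the warning seen in the log above. The following is an added example, not the Snort widget's code: the helper name read_alert_rows(), the row cap and the sample CSV lines are assumptions, as is the idea that the widget's loop compared against FALSE.

```php
<?php
// Added example: hypothetical helper, not the Snort widget's code.
// Reads at most $maxRows CSV rows from a temp file and fails closed.
function read_alert_rows($path, $maxRows = 50)
{
    // Open directly instead of file_exists() followed by fopen(): the file
    // can vanish between the two calls, so only the fopen() result counts.
    // '@' keeps a missing file from logging a warning on every refresh.
    $fd = @fopen($path, 'r');
    if ($fd === false) {
        return array();   // nothing to read; caller renders an empty table
    }

    $rows = array();
    // is_array() ends the loop on FALSE (EOF or read error) and on NULL
    // (invalid handle on older PHP); the row cap bounds the work done
    // even if the file is far larger than expected.
    while (count($rows) < $maxRows
        && is_array($fields = fgetcsv($fd, 1000, ',', '"', '\\'))) {
        if ($fields === array(null)) {
            continue;     // fgetcsv() reports a blank line as array(null)
        }
        $rows[] = $fields;
    }
    fclose($fd);
    return $rows;
}

// Constructed sample input: two alert-style CSV lines around a blank line.
$tmp = tempnam(sys_get_temp_dir(), 'alert_example_');
file_put_contents(
    $tmp,
    "07/01/15-08:30:35,1,2000001,1,\"Constructed alert A\"\n\n" .
    "07/01/15-08:30:36,1,2000002,1,\"Constructed alert B\"\n"
);

var_dump(count(read_alert_rows($tmp)));  // rows parsed from the sample file
unlink($tmp);
var_dump(read_alert_rows($tmp));         // same call after the file is removed
```

With this shape a missing or unreadable temp file costs one failed fopen() per page refresh instead of an unbounded stream of warnings filling the disk.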

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.