Netgate Discussion Forum

Snort Widget Error Blowing up PHP_Errors.log

    reggie14
    last edited by Jul 2, 2015, 4:17 AM

    Every 2-3 weeks I discover my PHP_errors.log file has blown up, jumping to 1-2GB.  It's always the same thing:

    
    [01-Jul-2015 08:30:35 US/Eastern] PHP Warning:  fopen(/tmp/alert_snort15008): failed to open stream: No such file or directory in /usr/local/www/widgets/widgets/snort_alerts.widget.php on line 128
    [01-Jul-2015 08:30:35 US/Eastern] PHP Warning:  fgetcsv() expects parameter 1 to be resource, boolean given in /usr/local/www/widgets/widgets/snort_alerts.widget.php on line 129
    [01-Jul-2015 08:30:35 US/Eastern] PHP Warning:  fgetcsv() expects parameter 1 to be resource, boolean given in /usr/local/www/widgets/widgets/snort_alerts.widget.php on line 129
    ...
    

    Those last lines repeat a total of about 6 million times over the course of 5 minutes.  I'm not exaggerating.  That grew PHP_errors.log to 1.3GB this time.

    As the lines suggest, I do have snort installed, as well as the widget running on the main screen.  I looked at the alert log and system log to see if anything in particular happened at or around 8:30, but there's nothing at that time, and nothing around it that looks the least bit suspicious.

    Any ideas?

      bmeeks
      last edited by Jul 4, 2015, 1:37 AM Jul 2, 2015, 11:00 PM

      Something is possibly corrupt in your alert log file.  If you can, clear the alert logs by going to the ALERTS tab and using the GUI option to clear out the alerts.  That will empty out the files.  Also be sure your time zone is set correctly.  There were some reported issues with 2.2.3 upgrades not correctly resetting time zone preferences.  Since Snort uses the local time to stamp the alert times with, if the time zone is incorrect or corrupted, that could cause this problem.

      Scratch this reply and see the one that follows…

      Bill

        bmeeks
        last edited by Jul 4, 2015, 1:37 AM

        Scratch my earlier reply.  I forgot how my own code works …  :-[

        The Widget code first verifies an alert log file exists for the interface, then it tails the configured number of entries from it and writes those "tailed" entries to a temp file in the /tmp directory.  The code then verifies the temp file exists in /tmp and then opens it for reading.  The opening for reading is failing in your case, but the error says it's failing because the file does not exist.  However, before the open is attempted, a call is made to verify the file exists, so I really don't know what is going on in your case.

        I can add another layer of error-checking to the Widget code and will do so in the next update.

        Bill
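
The failure mode in this thread, as an added example that is not the Snort package's widget code: the open is judged by fopen()'s own return value rather than by an earlier existence test, so a temp file that disappears between the check and the open ends the read with one log line instead of feeding a false handle to fgetcsv() in a loop. The function name read_alert_rows(), the temp file and the alert lines are constructed for illustration.

```php
<?php
// Added example, not the Snort package's code. read_alert_rows() and the
// sample data below are hypothetical.

/**
 * Return up to $max CSV rows from $path, or null if it cannot be opened.
 */
function read_alert_rows($path, $max = 5)
{
    // Do not rely on an earlier file_exists(): the file can be removed between
    // that check and the open. Test fopen()'s return value and stop on failure.
    $fd = @fopen($path, 'r');
    if ($fd === false) {
        error_log("snort widget: cannot open {$path}; skipping this refresh");
        return null;
    }

    $rows = array();
    // Bounded by row count as well as EOF, so the loop always terminates.
    while (count($rows) < $max) {
        $fields = fgetcsv($fd, 1000, ',', '"', '\\');
        if ($fields === false || $fields === null) {
            break; // EOF or read error (older PHP returns NULL for a bad handle)
        }
        if ($fields === array(null)) {
            continue; // blank line in the file
        }
        $rows[] = $fields;
    }
    fclose($fd);
    return $rows;
}

// Constructed sample: two alert-like CSV lines separated by a blank line.
$tmp = tempnam(sys_get_temp_dir(), 'alert_demo');
file_put_contents(
    $tmp,
    "07/01-08:30:35,1,1000001,\"Constructed alert A\"\n\n" .
    "07/01-08:30:36,1,1000002,\"Constructed alert B\"\n"
);

$rows = read_alert_rows($tmp);
echo count($rows), " rows read\n";

// Simulate the temp file disappearing before the next widget refresh.
unlink($tmp);
$rows = read_alert_rows($tmp);
echo ($rows === null) ? "open failed, logged once\n" : "unexpected result\n";
```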
