Bug #8607

closed

Suricata package fails to prune suricata.log

Added by John Silva over 5 years ago. Updated about 3 years ago.

Status: Resolved
Priority: Normal
Category: Suricata
Target version:
Start date: 06/28/2018
Due date:
% Done: 100%
Estimated time:
Plus Target Version:
Affected Version: All
Affected Plus Version:
Affected Architecture: All

Description

The suricata package does not prune suricata.log. As a result, suricata.log grows without bound, eventually resulting in a PHP out-of-memory error when the log file is viewed through the UI.

I had to manually prune suricata.log after it had grown to approximately 450MB and crashed PHP.

The same issue affects snort.
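A size-capped prune for the kind of manual cleanup described in this report, as an added example that is not part of the original issue or of the package's code. The function name, the thresholds and the log path are assumptions, and it assumes the daemon holds the log open in append mode.

```shell
#!/bin/sh
# Added example: cap a log at MAX_BYTES by keeping only its newest KEEP_BYTES.
# Hypothetical helper; call it from cron or a shell, for instance:
#   prune_log /path/to/suricata.log 52428800 10485760

# prune_log FILE MAX_BYTES KEEP_BYTES
# Returns 0 if the file was pruned, 1 if it was already under the cap,
# 2 on a usage or I/O error.
prune_log() {
    file=$1
    max=$2
    keep=$3
    [ -f "$file" ] && [ "$keep" -le "$max" ] || return 2

    # wc pads its output with spaces on BSD; $(( )) normalises it.
    size=$(( $(wc -c < "$file") ))
    [ "$size" -gt "$max" ] || return 1

    tmp=$(mktemp "${file}.prune.XXXXXX") || return 2

    # Take the newest KEEP_BYTES, then drop the first (probably partial) line
    # so the pruned log starts on a record boundary.
    tail -c "$keep" "$file" | sed '1d' > "$tmp" || { rm -f "$tmp"; return 2; }

    # Copy back over the original instead of renaming: the inode stays the
    # same, so a writer that holds the log open in append mode keeps writing
    # to it. Lines written between the tail and the cat are lost
    # (the usual copy-truncate race).
    cat "$tmp" > "$file" || { rm -f "$tmp"; return 2; }
    rm -f "$tmp"
    return 0
}
```

Keeping MAX_BYTES well below the PHP memory limit shown in the logs (536870912 bytes) leaves headroom for a viewer that reads the whole file into memory.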

Actions #1

Updated by John Silva over 5 years ago

Relevant logs:

Jun 28 14:28:20 pfsense php-fpm[1136]: /suricata/suricata_logs_browser.php: PHP ERROR: Type: 1, File: /usr/local/www/suricata/suricata_logs_browser.php, Line: 58, Message: Allowed memory size of 536870912 bytes exhausted (tried to allocate 490018477 bytes)
Jun 28 14:28:20 pfsense php-fpm[1136]: /suricata/suricata_logs_browser.php: New alert found: PHP ERROR: Type: 1, File: /usr/local/www/suricata/suricata_logs_browser.php, Line: 58, Message: Allowed memory size of 536870912 bytes exhausted (tried to allocate 490018477 bytes)

Actions #2

Updated by Jim Pingle over 5 years ago

  • Target version deleted (2.4.4)

Actions #3

Updated by Alexander Lindqvist over 5 years ago

I also got hit by this now when trying to open suricata.log. The crashing suricata.log file was 103MB. Suricata.log on interface 2 was 72MB and that could be opened without problems.

Any update on this?

Crash report details:

PHP Errors:
[06-Nov-2018 17:35:03 Europe/Stockholm] PHP Fatal error: Allowed memory size of 536870912 bytes exhausted (tried to allocate 144611376 bytes) in /usr/local/www/csrf/csrf-magic.php on line 149
[06-Nov-2018 17:35:50 Europe/Stockholm] PHP Fatal error: Allowed memory size of 536870912 bytes exhausted (tried to allocate 144611376 bytes) in /usr/local/www/csrf/csrf-magic.php on line 149
[06-Nov-2018 17:36:39 Europe/Stockholm] PHP Fatal error: Allowed memory size of 536870912 bytes exhausted (tried to allocate 144611376 bytes) in /usr/local/www/csrf/csrf-magic.php on line 149

No FreeBSD crash data found.

Actions #4

Updated by Bill Meeks over 5 years ago

This problem is addressed by the pull request https://github.com/pfsense/FreeBSD-ports/pull/592 that updates the GUI package to version 4.0.13_10. Once that pull request is merged, this issue can be closed.

Actions #5

Updated by Renato Botelho over 5 years ago

  • Status changed from New to Feedback
  • Assignee set to Renato Botelho
  • Target version set to 2.4.4-p1
  • % Done changed from 0 to 100

PR has been merged

Actions #6

Updated by Renato Botelho over 5 years ago

  • Status changed from Feedback to Resolved

Actions #7

Updated by Car F about 3 years ago

Got this error again today with Suricata 5.0.4_2.

[13-Feb-2021 08:04:22 Europe/Berlin] PHP Fatal error:  Allowed memory size of 536870912 bytes exhausted (tried to allocate 147791192 bytes) in /usr/local/www/csrf/csrf-magic.php on line 149
