Bug #8607
closed
Suricata package fails to prune suricata.log
Added by John Silva over 6 years ago.
Updated almost 4 years ago.
Affected Architecture:
All
Description
The suricata package does not prune suricata.log. As a result, suricata.log grows without bound eventually resulting in a PHP out of memory error when the log file is viewed through the UI.
I had to manually prune suricata.log after it had grown to approximately 450MB and crashed PHP.
The same issue affects snort.
Relevant logs:
Jun 28 14:28:20 pfsense php-fpm[1136]: /suricata/suricata_logs_browser.php: PHP ERROR: Type: 1, File: /usr/local/www/suricata/suricata_logs_browser.php, Line: 58, Message: Allowed memory size of 536870912 bytes exhausted (tried to allocate 490018477 bytes)
Jun 28 14:28:20 pfsense php-fpm[1136]: /suricata/suricata_logs_browser.php: New alert found: PHP ERROR: Type: 1, File: /usr/local/www/suricata/suricata_logs_browser.php, Line: 58, Message: Allowed memory size of 536870912 bytes exhausted (tried to allocate 490018477 bytes)
- Target version deleted (
2.4.4)
I also got hit by this now when trying to open suricata.log. The crashing suricata.log file was 103MB. Suricata.log on interface 2 was 72MB and that could be opened without problems.
Any update on this?
Crash report details:
PHP Errors:
[06-Nov-2018 17:35:03 Europe/Stockholm] PHP Fatal error: Allowed memory size of 536870912 bytes exhausted (tried to allocate 144611376 bytes) in /usr/local/www/csrf/csrf-magic.php on line 149
[06-Nov-2018 17:35:50 Europe/Stockholm] PHP Fatal error: Allowed memory size of 536870912 bytes exhausted (tried to allocate 144611376 bytes) in /usr/local/www/csrf/csrf-magic.php on line 149
[06-Nov-2018 17:36:39 Europe/Stockholm] PHP Fatal error: Allowed memory size of 536870912 bytes exhausted (tried to allocate 144611376 bytes) in /usr/local/www/csrf/csrf-magic.php on line 149
No FreeBSD crash data found.
- Status changed from New to Feedback
- Assignee set to Renato Botelho
- Target version set to 2.4.4-p1
- % Done changed from 0 to 100
- Status changed from Feedback to Resolved
Got this error again today with Suricata 5.0.4_2.
[13-Feb-2021 08:04:22 Europe/Berlin] PHP Fatal error: Allowed memory size of 536870912 bytes exhausted (tried to allocate 147791192 bytes) in /usr/local/www/csrf/csrf-magic.php on line 149
Also available in: Atom
PDF