p0f Too many host entries, deleting

C

CreateChange

Member
Apr 30, 2019
10
1
3
Denver, CO
cPanel Access Level
Root Administrator
Is the following output in our /var/log/messages log of any concern?

Code: 
2019 Aug 16 22:41:27 (cpanel-6) ->/var/log/messages Aug 16 17:41:25 cpanel-6 p0f: [!] WARNING: Too many host entries, deleting 1001. Use -m to adjust.
2019 Aug 16 22:41:27 (cpanel-6) ->/var/log/messages Aug 16 17:41:26 cpanel-6 p0f: [!] WARNING: Too many host entries, deleting 1001. Use -m to adjust.
2019 Aug 16 22:41:27 (cpanel-6) ->/var/log/messages Aug 16 17:41:27 cpanel-6 p0f: [!] WARNING: Too many host entries, deleting 1001. Use -m to adjust.
2019 Aug 16 22:41:29 (cpanel-6) ->/var/log/messages Aug 16 17:41:27 cpanel-6 p0f: [!] WARNING: Too many host entries, deleting 1001. Use -m to adjust.
2019 Aug 16 22:41:29 (cpanel-6) ->/var/log/messages Aug 16 17:41:28 cpanel-6 p0f: [!] WARNING: Too many host entries, deleting 1001. Use -m to adjust.
2019 Aug 16 22:41:29 (cpanel-6) ->/var/log/messages Aug 16 17:41:29 cpanel-6 p0f: [!] WARNING: Too many host entries, deleting 1001. Use -m to adjust.
2019 Aug 16 22:41:31 (cpanel-6) ->/var/log/messages Aug 16 17:41:29 cpanel-6 p0f: [!] WARNING: Too many host entries, deleting 1001. Use -m to adjust.
2019 Aug 16 22:41:31 (cpanel-6) ->/var/log/messages Aug 16 17:41:30 cpanel-6 p0f: [!] WARNING: Too many host entries, deleting 1001. Use -m to adjust.
2019 Aug 16 22:41:31 (cpanel-6) ->/var/log/messages Aug 16 17:41:31 cpanel-6 p0f: [!] WARNING: Too many host entries, deleting 1001. Use -m to adjust.
2019 Aug 16 22:41:33 (cpanel-6) ->/var/log/messages Aug 16 17:41:31 cpanel-6 p0f: [!] WARNING: Too many host entries, deleting 1001. Use -m to adjust.
I came across this thread: https://forums.cpanel.net/threads/too-many-tracked-connections-p0f-warnings-messages.538791/ that says that basically it will just autoprune old data and move on. However, I'm curious if there is anything to be concerned about, in regards to there being apparently a ton of hostname data being collected in a very short span of time.
 
cPanelLauren

cPanelLauren

Product Owner II
Staff member
Nov 14, 2017
13,266
1,304
363
Houston
This message indicates that p0f is reaching its cap of how many hosts/connections it is tracking. Once the limit is reached, the oldest 10% entries gets pruned to make room for new data. This setting helps to control the memory footprint of p0f. I don't believe these messages are necessarily a cause for concern, but they could indicate this server is receiving an increased amount of traffic.

There is also typically no need to bump threads, we look at every open thread in the order it's received. If you need immediate assistance, I'd suggest opening a ticket where there is dedicated staff available 24/7 to assist.
 
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
J blocked with too many connections port 465 Security 3
P SOLVED 403 error navigating too quickly Security 5
W Excessive resource usage: wp-toolkit Security 1
verdon ModSecurity Tools not logging all hits Security 17
M /usr/local/cpanel/3rdparty/sbin/p0f Security 2
Similar threads
blocked with too many connections port 465
SOLVED 403 error navigating too quickly
Excessive resource usage: wp-toolkit
ModSecurity Tools not logging all hits
/usr/local/cpanel/3rdparty/sbin/p0f
Top Bottom