p0f Too many host entries, deleting

C

CreateChange

Member
Apr 30, 2019
10
1
3
Denver, CO
cPanel Access Level
Root Administrator
Is the following output in our /var/log/messages log of any concern?

Code: 
2019 Aug 16 22:41:27 (cpanel-6) ->/var/log/messages Aug 16 17:41:25 cpanel-6 p0f: [!] WARNING: Too many host entries, deleting 1001. Use -m to adjust.
2019 Aug 16 22:41:27 (cpanel-6) ->/var/log/messages Aug 16 17:41:26 cpanel-6 p0f: [!] WARNING: Too many host entries, deleting 1001. Use -m to adjust.
2019 Aug 16 22:41:27 (cpanel-6) ->/var/log/messages Aug 16 17:41:27 cpanel-6 p0f: [!] WARNING: Too many host entries, deleting 1001. Use -m to adjust.
2019 Aug 16 22:41:29 (cpanel-6) ->/var/log/messages Aug 16 17:41:27 cpanel-6 p0f: [!] WARNING: Too many host entries, deleting 1001. Use -m to adjust.
2019 Aug 16 22:41:29 (cpanel-6) ->/var/log/messages Aug 16 17:41:28 cpanel-6 p0f: [!] WARNING: Too many host entries, deleting 1001. Use -m to adjust.
2019 Aug 16 22:41:29 (cpanel-6) ->/var/log/messages Aug 16 17:41:29 cpanel-6 p0f: [!] WARNING: Too many host entries, deleting 1001. Use -m to adjust.
2019 Aug 16 22:41:31 (cpanel-6) ->/var/log/messages Aug 16 17:41:29 cpanel-6 p0f: [!] WARNING: Too many host entries, deleting 1001. Use -m to adjust.
2019 Aug 16 22:41:31 (cpanel-6) ->/var/log/messages Aug 16 17:41:30 cpanel-6 p0f: [!] WARNING: Too many host entries, deleting 1001. Use -m to adjust.
2019 Aug 16 22:41:31 (cpanel-6) ->/var/log/messages Aug 16 17:41:31 cpanel-6 p0f: [!] WARNING: Too many host entries, deleting 1001. Use -m to adjust.
2019 Aug 16 22:41:33 (cpanel-6) ->/var/log/messages Aug 16 17:41:31 cpanel-6 p0f: [!] WARNING: Too many host entries, deleting 1001. Use -m to adjust.
I came across this thread: https://forums.cpanel.net/threads/too-many-tracked-connections-p0f-warnings-messages.538791/ that says that basically it will just autoprune old data and move on. However, I'm curious if there is anything to be concerned about, in regards to there being apparently a ton of hostname data being collected in a very short span of time.
 
cPanelLauren

cPanelLauren

Product Owner II
Staff member
Nov 14, 2017
13,266
1,300
363
Houston
This message indicates that p0f is reaching its cap of how many hosts/connections it is tracking. Once the limit is reached, the oldest 10% entries gets pruned to make room for new data. This setting helps to control the memory footprint of p0f. I don't believe these messages are necessarily a cause for concern, but they could indicate this server is receiving an increased amount of traffic.

There is also typically no need to bump threads, we look at every open thread in the order it's received. If you need immediate assistance, I'd suggest opening a ticket where there is dedicated staff available 24/7 to assist.
 
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
verdon ModSecurity Tools not logging all hits Security 7
D Security tools for Linux servers Security 3
I SOLVED CPANEL-42469 - New cPanel installs ModSec Tools Hits empty/stopped Security 8
C too many email alerts - how to manage this? Security 1
M /usr/local/cpanel/3rdparty/sbin/p0f Security 2
Similar threads
ModSecurity Tools not logging all hits
Security tools for Linux servers
SOLVED CPANEL-42469 - New cPanel installs ModSec Tools Hits empty/stopped
too many email alerts - how to manage this?
/usr/local/cpanel/3rdparty/sbin/p0f
Top Bottom