What is this log?

We have to be honest: logs are often an afterthought to most developers. Many logs are pretty cryptic unless you can look at the code and see what is going on. In this section, we share what we think of specific logs: the cryptic ones, the fun ones and some of the ones we see most often.


Log: iptables-nf-conntrack-table-full

Jul 18 16:05:27 myserver kernel: [736737.006413] nf_conntrack: nf_conntrack: table full, dropping packet
Jul 18 16:05:27 myserver kernel: [736737.006413] ip_conntrack: ip_conntrack: table full, dropping packet


ID:  iptables-nf-conntrack-table-full
For: Linux kernel

Meaning: This log means that your server's connection tracking table is full, so the kernel is dropping packets for new connections. It can happen because of a DDoS attack or just too many requests to your server. You can see the current tracking limit with this command:

# sysctl net.ipv4.netfilter.ip_conntrack_max

and increase it as necessary.

What to do: If the requests to your server are legitimate, you can increase the sysctl ip_conntrack_max value to handle the load. If not, and you are under a DDoS attack, we recommend looking into DDoS mitigation.
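
Before raising the limit, it helps to know how often packets are being dropped and how full the table is. The script below is an added example, not part of the original page: it counts the drop messages per minute from syslog lines and reads the live counters. The function names and sample log lines are constructed, and the /proc paths cover both the nf_conntrack key names and the older ip_conntrack ones used in the command above.

```shell
#!/bin/sh
# Added example: how often is conntrack dropping packets, and how full is it?

# Count "table full" drops per minute from syslog lines on stdin.
# Prints "<Mon> <DD> <HH:MM> <count>", one line per minute, in input order.
conntrack_drops_per_minute() {
    awk '/(nf|ip)_conntrack: table full, dropping packet/ {
             key = $1 " " $2 " " substr($3, 1, 5)
             if (!(key in n)) order[++k] = key
             n[key]++
         }
         END { for (i = 1; i <= k; i++) print order[i], n[order[i]] }'
}

# Integer percentage of the table in use; fails on bad input or a zero max.
conntrack_usage_pct() {
    count=$1 max=$2
    [ "${count:-x}" -ge 0 ] 2>/dev/null || return 1
    [ "${max:-0}" -gt 0 ] 2>/dev/null || return 1
    echo $(( count * 100 / max ))
}

# Read the live counters. Current kernels expose them as nf_conntrack_*,
# older ones as ip_conntrack_* (the key the sysctl command above uses).
# Returns 1 when neither is present (conntrack module not loaded).
conntrack_live_usage() {
    for dir in /proc/sys/net/netfilter/nf_conntrack \
               /proc/sys/net/ipv4/netfilter/ip_conntrack; do
        if [ -r "${dir}_count" ] && [ -r "${dir}_max" ]; then
            conntrack_usage_pct "$(cat "${dir}_count")" "$(cat "${dir}_max")"
            return
        fi
    done
    return 1
}

# Constructed sample lines (format taken from the log above, values invented).
sample_log() {
    cat <<'EOF'
Jul 18 16:05:27 myserver kernel: [736737.006413] nf_conntrack: nf_conntrack: table full, dropping packet
Jul 18 16:05:31 myserver kernel: [736741.120001] nf_conntrack: nf_conntrack: table full, dropping packet
Jul 18 16:05:40 myserver cron[811]: (root) CMD (run-parts /etc/cron.hourly)
Jul 18 16:06:02 myserver kernel: [736772.450912] ip_conntrack: ip_conntrack: table full, dropping packet
EOF
}

sample_log | conntrack_drops_per_minute
conntrack_live_usage || echo "conntrack counters not available on this host"
```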


