What is this log?

We have to be honest, logs are often an after thought to most developers. Many logs are pretty cryptic unless you can look at the code and see what is going on. In this section, we will share what we think of a specific log: - the cryptic ones, the fun ones and some of the ones we see more often.

Log: iptables-nf-conntrack-table-full

Jul 18 16:05:27 myserver kernel: [736737.006413] nf_conntrack: nf_conntrack: table full, dropping packet
Jul 18 16:05:27 myserver kernel: [736737.006413] ip_conntrack: ip_conntrack: table full, dropping packet

ID:  iptables-nf-conntrack-table-full
For: Linux kernel

Meaning: This log means that your server's connection tracking are full. It can happen because of a DDoS attack or just too many requests to your server. You can see the current tracking limits with this command:

# sysctl net.ipv4.netfilter.ip_conntrack_max

and increase as necessary.

What to do: If the requests to your server are legitimate, you can increase the syctl ip_conntrack_max value to handle the load. If not, and you are under DDoS, we recommend looking for some DDoS mitigation.

Simple, affordable, log management and analysis.