
Could not complete ssl handshake

Posted: Fri Jan 05, 2018 8:51 am
by chimborah
Hi All,

This is in continuation of my previous post, wherein the error message "Error message : Error: Could not complete SSL handshake. 5" is getting written to /var/log/messages every minute. All the services are in an OK state. The requirement is how to avoid these messages, or not to log any of the error messages generated by nrpe in any of the log files.
After upgrading to the latest nrpe agent and editing the syslog settings to stop logging all of the nrpe messages, using the example below for the syslog config file, the /var/log/messages file is not generating any logs even though rsyslog is working fine. If system logs are not written to /var/log/messages, then it is an issue.
Could you please suggest how to resolve this issue?

 *.info;mail.none;authpriv.none;cron.none;nrpe.none                /var/log/messages 
Post details:

https://support.nagios.com/forum/viewtopic.php?f=7&t=43918

Re: Could not complete ssl handshake

Posted: Fri Jan 05, 2018 2:14 pm
by npolovenko
Hello, @chimborah. I don't see how adding this part nrpe.none could stop all rsyslogs to the messages file. But you could remove that part and restart rsyslog:

service rsyslog restart
Would that restore logging? Also, since all the nrpe checks are OK, I wonder where the handshake message comes from. Do you happen to have other nrpe checks at all? Perhaps, after you revert the rsyslog settings, you could share the messages.log file with us.

Re: Could not complete ssl handshake

Posted: Wed Jan 10, 2018 4:45 am
by chimborah
Hi npolovenko,

After removing nrpe.none and restarting rsyslog, logging has been restored. All the services are OS-level standard services.

Messages file after reverting the changes. Let me know if other information is required.

[root@HostName log]# cat messages
Jan  9 14:31:12 HostName kernel: imklog 5.8.10, log source = /proc/kmsg started.
Jan  9 14:31:12 HostName rsyslogd: [origin software="rsyslogd" swVersion="5.8.10" x-pid="29420" x-info="http://www.rsyslog.com"] start
Jan  9 14:33:52 HostName nrpe[29572]: CONN_CHECK_PEER: checking if host is allowed: 10.x.x.x port 31950
Jan  9 14:33:52 HostName nrpe[29572]: is_an_allowed_host (AF_INET): is host >10.x.x.x< an allowed host >10.x.x.x<
Jan  9 14:33:52 HostName nrpe[29572]: is_an_allowed_host (AF_INET): is host >10.x.x.x< an allowed host >10.x.x.x<
Jan  9 14:33:52 HostName nrpe[29572]: is_an_allowed_host (AF_INET): host is in allowed host list!
Jan  9 14:33:53 HostName nrpe[29576]: CONN_CHECK_PEER: checking if host is allowed: 10.x.x.x port 1xxx
Jan  9 14:33:53 HostName nrpe[29576]: is_an_allowed_host (AF_INET): is host >10.x.x.x< an allowed host >10.x.x.x<
Jan  9 14:33:53 HostName nrpe[29576]: is_an_allowed_host (AF_INET): is host >10.x.x.x< an allowed host >10.x.x.x<
Jan  9 14:33:53 HostName nrpe[29576]: is_an_allowed_host (AF_INET): host is in allowed host list!
Jan  9 14:33:53 HostName nrpe[29580]: CONN_CHECK_PEER: checking if host is allowed: 10.x.x.x port 4xxx
Jan  9 14:33:53 HostName nrpe[29580]: is_an_allowed_host (AF_INET): is host >10.x.x.x< an allowed host >10.x.x.x<
Jan  9 14:33:53 HostName nrpe[29580]: is_an_allowed_host (AF_INET): is host >10.x.x.x< an allowed host >10.x.x.x<
Jan  9 14:33:53 HostName nrpe[29580]: is_an_allowed_host (AF_INET): host is in allowed host list!
Jan  9 14:33:53 HostName nrpe[29580]: Error: (!log_opts) Could not complete SSL handshake with 10.x.x.x: 5
Jan  9 14:33:53 HostName nrpe[29582]: CONN_CHECK_PEER: checking if host is allowed: 10.x.x.x port 8xxx
Jan  9 14:33:53 HostName nrpe[29582]: is_an_allowed_host (AF_INET): is host >10.x.x.x< an allowed host >10.x.x.x<
Jan  9 14:33:53 HostName nrpe[29582]: is_an_allowed_host (AF_INET): is host >10.x.x.x< an allowed host >10.x.x.x<
Jan  9 14:33:53 HostName nrpe[29582]: is_an_allowed_host (AF_INET): host is in allowed host list!
Jan  9 14:33:55 HostName nrpe[29584]: CONN_CHECK_PEER: checking if host is allowed: 10.x.x.x port 1xxxx
Jan  9 14:33:55 HostName nrpe[29584]: is_an_allowed_host (AF_INET): is host >10.x.x.x< an allowed host >10.x.x.x<
Jan  9 14:33:55 HostName nrpe[29584]: is_an_allowed_host (AF_INET): is host >10.x.x.x< an allowed host >10.x.x.x<
Jan  9 14:33:55 HostName nrpe[29584]: is_an_allowed_host (AF_INET): host is in allowed host list!
Jan  9 14:33:58 HostName nrpe[29592]: CONN_CHECK_PEER: checking if host is allowed: 10.x.x.x port 3xxx
Jan  9 14:33:58 HostName nrpe[29592]: is_an_allowed_host (AF_INET): is host >10.x.x.x< an allowed host >10.x.x.x<
Jan  9 14:33:58 HostName nrpe[29592]: is_an_allowed_host (AF_INET): is host >10.x.x.x< an allowed host >10.x.x.x<
Jan  9 14:33:58 HostName nrpe[29592]: is_an_allowed_host (AF_INET): host is in allowed host list!
Jan  9 14:34:00 HostName nrpe[29597]: CONN_CHECK_PEER: checking if host is allowed: 10.x.x.x port 5xxxx
Jan  9 14:34:00 HostName nrpe[29597]: is_an_allowed_host (AF_INET): is host >10.x.x.x< an allowed host >10.x.x.x<
Jan  9 14:34:00 HostName nrpe[29597]: is_an_allowed_host (AF_INET): is host >10.x.x.x< an allowed host >10.x.x.x<
Jan  9 14:34:00 HostName nrpe[29597]: is_an_allowed_host (AF_INET): host is in allowed host list!
Jan  9 14:34:01 HostName nrpe[29601]: CONN_CHECK_PEER: checking if host is allowed: 10.x.x.x port 1xxxx
Jan  9 14:34:01 HostName nrpe[29601]: is_an_allowed_host (AF_INET): is host >10.x.x.x< an allowed host >10.x.x.x<
Jan  9 14:34:01 HostName nrpe[29601]: is_an_allowed_host (AF_INET): is host >10.x.x.x< an allowed host >10.x.x.x<
Jan  9 14:34:01 HostName nrpe[29601]: is_an_allowed_host (AF_INET): host is in allowed host list!
Jan  9 14:34:01 HostName nrpe[29603]: CONN_CHECK_PEER: checking if host is allowed: 10.x.x.x port 1xxxx
Jan  9 14:34:01 HostName nrpe[29603]: is_an_allowed_host (AF_INET): is host >10.x.x.x< an allowed host >10.x.x.x<
Jan  9 14:34:01 HostName nrpe[29603]: is_an_allowed_host (AF_INET): is host >10.x.x.x< an allowed host >10.x.x.x<
Jan  9 14:34:01 HostName nrpe[29603]: is_an_allowed_host (AF_INET): host is in allowed host list!
Jan  9 14:34:26 HostName nrpe[29618]: CONN_CHECK_PEER: checking if host is allowed: 10.x.x.x port 6xxxx
Jan  9 14:34:26 HostName nrpe[29618]: is_an_allowed_host (AF_INET): is host >10.x.x.x< an allowed host >10.x.x.x<
Jan  9 14:34:26 HostName nrpe[29618]: is_an_allowed_host (AF_INET): is host >10.x.x.x< an allowed host >10.x.x.x<
Jan  9 14:34:26 HostName nrpe[29618]: is_an_allowed_host (AF_INET): host is in allowed host list!
Jan  9 14:34:26 HostName nrpe[29618]: Error: (!log_opts) Could not complete SSL handshake with 10.x.x.x: 5
Jan  9 14:38:29 HostName nrpe[29721]: CONN_CHECK_PEER: checking if host is allowed: 10.x.x.x port 4xxxx
Jan  9 14:38:29 HostName nrpe[29721]: is_an_allowed_host (AF_INET): is host >10.x.x.x< an allowed host >10.x.x.x<
Jan  9 14:38:29 HostName nrpe[29721]: is_an_allowed_host (AF_INET): is host >10.x.x.x< an allowed host >10.x.x.x<
Jan  9 14:38:29 HostName nrpe[29721]: is_an_allowed_host (AF_INET): host is in allowed host list!
Jan  9 14:38:29 HostName nrpe[29721]: Error: (!log_opts) Could not complete SSL handshake with 10.x.x.x: 5
Jan  9 14:38:55 HostName nrpe[29727]: CONN_CHECK_PEER: checking if host is allowed: 10.x.x.x port xxxx
Jan  9 14:38:55 HostName nrpe[29727]: is_an_allowed_host (AF_INET): is host >10.x.x.x< an allowed host >10.x.x.x<
Jan  9 14:38:55 HostName nrpe[29727]: is_an_allowed_host (AF_INET): is host >10.x.x.x< an allowed host >10.x.x.x<
Jan  9 14:38:55 HostName nrpe[29727]: is_an_allowed_host (AF_INET): host is in allowed host list!
Jan  9 14:38:58 HostName nrpe[29731]: CONN_CHECK_PEER: checking if host is allowed: 10.x.x.x port 2xxxx
Jan  9 14:38:58 HostName nrpe[29731]: is_an_allowed_host (AF_INET): is host >10.x.x.x< an allowed host >10.x.x.x<
Jan  9 14:38:58 HostName nrpe[29731]: is_an_allowed_host (AF_INET): is host >10.x.x.x< an allowed host >10.x.x.x<
Jan  9 14:38:58 HostName nrpe[29731]: is_an_allowed_host (AF_INET): host is in allowed host list!
Jan  9 14:38:58 HostName nrpe[29735]: CONN_CHECK_PEER: checking if host is allowed: 10.x.x.x port 3xxxx
Jan  9 14:38:58 HostName nrpe[29735]: is_an_allowed_host (AF_INET): is host >10.x.x.x< an allowed host >10.x.x.x<
Jan  9 14:38:58 HostName nrpe[29735]: is_an_allowed_host (AF_INET): is host >10.x.x.x< an allowed host >10.x.x.x<
Jan  9 14:38:58 HostName nrpe[29735]: is_an_allowed_host (AF_INET): host is in allowed host list!
Jan  9 14:38:58 HostName nrpe[29735]: Error: (!log_opts) Could not complete SSL handshake with 10.x.x.x: 5
Jan  9 14:38:58 HostName nrpe[29737]: CONN_CHECK_PEER: checking if host is allowed: 10.x.x.x port 4xxxx
Jan  9 14:38:58 HostName nrpe[29737]: is_an_allowed_host (AF_INET): is host >10.x.x.x< an allowed host >10.x.x.x<
Jan  9 14:38:58 HostName nrpe[29737]: is_an_allowed_host (AF_INET): is host >10.x.x.x< an allowed host >10.x.x.x<
Jan  9 14:38:58 HostName nrpe[29737]: is_an_allowed_host (AF_INET): host is in allowed host list!
Jan  9 14:39:00 HostName nrpe[29739]: CONN_CHECK_PEER: checking if host is allowed: 10.x.x.x port 5xxxx
Jan  9 14:39:00 HostName nrpe[29739]: is_an_allowed_host (AF_INET): is host >10.x.x.x< an allowed host >10.x.x.x<
Jan  9 14:39:00 HostName nrpe[29739]: is_an_allowed_host (AF_INET): is host >10.x.x.x< an allowed host >10.x.x.x<
Jan  9 14:39:00 HostName nrpe[29739]: is_an_allowed_host (AF_INET): host is in allowed host list!
Jan  9 14:39:04 HostName nrpe[29756]: CONN_CHECK_PEER: checking if host is allowed: 10.x.x.x port 3xxxx
Jan  9 14:39:04 HostName nrpe[29756]: is_an_allowed_host (AF_INET): is host >10.x.x.x< an allowed host >10.x.x.x<
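
Added example (not part of the original posts and not NRPE's own code): every nrpe debug line carries the child PID in nrpe[...], so each "Could not complete SSL handshake" error can be tied back to the CONN_CHECK_PEER line of the same connection to see which source address fails and how often. The sample log is constructed, with placeholder addresses and ports, and the function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample in the shape of the log above; addresses and ports are placeholders.
SAMPLE = """\
Jan  9 14:31:12 HostName kernel: imklog 5.8.10, log source = /proc/kmsg started.
Jan  9 14:33:52 HostName nrpe[29572]: CONN_CHECK_PEER: checking if host is allowed: 192.0.2.10 port 31950
Jan  9 14:33:52 HostName nrpe[29572]: is_an_allowed_host (AF_INET): host is in allowed host list!
Jan  9 14:33:53 HostName nrpe[29580]: CONN_CHECK_PEER: checking if host is allowed: 192.0.2.20 port 40022
Jan  9 14:33:53 HostName nrpe[29580]: Error: (!log_opts) Could not complete SSL handshake with 192.0.2.20: 5
Jan  9 14:34:26 HostName nrpe[29618]: CONN_CHECK_PEER: checking if host is allowed: 192.0.2.20 port 60023
Jan  9 14:34:26 HostName nrpe[29618]: Error: (!log_opts) Could not complete SSL handshake with 192.0.2.20: 5
Jan  9 14:38:29 HostName nrpe[29580]: CONN_CHECK_PEER: checking if host is allowed: 192.0.2.10 port 10024
"""

LINE = re.compile(r"^(\w{3}\s+\d+\s+\d\d:\d\d):\d\d\s+\S+\s+nrpe\[(\d+)\]:\s+(.*)$")
PEER = re.compile(r"CONN_CHECK_PEER: checking if host is allowed: (\S+) port (\S+)")
FAIL = re.compile(r"Could not complete SSL handshake with (\S+): (\d+)")

def connections(text):
    """One record per inbound connection, correlated by nrpe child PID."""
    records, current = [], {}   # current: PID -> record still being filled in
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue            # not an nrpe entry
        minute, pid, msg = m.groups()
        peer, fail = PEER.search(msg), FAIL.search(msg)
        if peer:                # new connection; a reused PID starts a new record
            current[pid] = {"peer": peer.group(1), "port": peer.group(2),
                            "minute": minute, "failed": False, "code": None}
            records.append(current[pid])
        elif fail and pid in current:
            current[pid].update(failed=True, code=int(fail.group(2)))
    return records

def failures_by_peer(records):
    """peer -> (failed handshakes, total connections)."""
    total, failed = Counter(), Counter()
    for r in records:
        total[r["peer"]] += 1
        failed[r["peer"]] += int(r["failed"])
    return {p: (failed[p], total[p]) for p in total}

def failures_per_minute(records):
    """minute -> failed handshakes, for comparison with check intervals."""
    return dict(Counter(r["minute"] for r in records if r["failed"]))

if __name__ == "__main__":
    print(failures_by_peer(connections(SAMPLE)))
```

The port is kept as a string, so the same parsing also accepts redacted values such as "1xxx" in the log posted above.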

Re: Could not complete ssl handshake

Posted: Wed Jan 10, 2018 2:06 pm
by npolovenko
@chimborah I don't see any non-nrpe entries in the messages log file. Maybe you just didn't have any system log entries there recently? Can you show us the service check definitions for the host AF_INET? Also, are you running nrpe under xinetd by any chance? If so, take a look at the Xinetd Per Source Limit part of this article: https://support.nagios.com/kb/article/n ... e-615.html