Page 1 of 2
Random SSL handshake failure with nrpe on SunOS
Posted: Tue Jan 29, 2019 12:27 am
by gereebl
Hi!
We have several hosts which throws "CHECK_NRPE: Error - Could not complete SSL handshake with" alerts randomly. In most of the time we can't see any issue, but in rare cases, we get this alert.
We have tried some workaround based on other requests, but none of them worked so far.
We also tried to enable debug log, but it didn't showed anything just the error line, that the SSL handshake has failed.
OS version: SunOS 5.11 11.3
Nrpe package is: CSWnrpe with version 3.2.1
SSL package: CSWlibssl1-0-0 with version 1.0.1u
Please help us, as a lot of false alerts are generated now because of this issue.
Re: Random SSL handshake failure with nrpe on SunOS
Posted: Tue Jan 29, 2019 2:52 pm
by ssax
Do you have multiple nagios servers?
Please PM me a copy of your profile, you can download it from Admin > System Profile > Download Profile.
Additionally, let us know a couple of hostnames that are experiencing the issue.
Do you receive that on all of the services during the times you're having issues or just some of them?
Please attach the output of these commands run from a
non-working SunOS server:
Code: Select all
svcs | grep "nrpe"
svcs -xv nrpe
ps aux | grep nrpe
Re: Random SSL handshake failure with nrpe on SunOS
Posted: Wed Jan 30, 2019 12:31 am
by gereebl
Hi!
No, we have only one NagiosXI server.
Hostnames look like this pattern: [a-z][a-z][a-z]-[a-z][a-z][a-z]-[a-z][a-z]-[A-Z][A-Z]
We receive this error from various services, not just one.
Output of the commands:
Code: Select all
-bash-4.4$ svcs | grep "nrpe"
online Dec_18 svc:/network/cswnrpe:default
-bash-4.4$ svcs -xv nrpe
svcs: Pattern 'nrpe' doesn't match any instances
-bash-4.4$ ps aux | grep nrpe
nagios 19880 0.1 0.0 6128 2800 ? S Dec 18 75:24 /opt/csw/bin/nrpe
nagios 3125 0.0 0.1 8928 5896 pts/1 S 06:21:38 0:00 grep nrpe
-bash-4.4$
About the System Profile: Can you help me how I can send it to you?
Thank you for your help!
Re: Random SSL handshake failure with nrpe on SunOS
Posted: Wed Jan 30, 2019 3:30 pm
by ssax
Please post the output of this command:
Please download your profile by logging into the Nagios XI web interface and go to Admin > System Profile > Download Profile, then click the Download Profile button.
Then click my forum username and click the "Send private message", at the bottom select your profile and then click the "Add the file" button, then click the Submit button.
Re: Random SSL handshake failure with nrpe on SunOS
Posted: Wed Feb 06, 2019 3:53 am
by gereebl
This is the output you've requested:
Code: Select all
-bash-4.4$ svcs -xv cswnrpe
svc:/network/cswnrpe:default (?)
State: online since December 18, 2018 06:26:00 AM CET
See: /var/svc/log/network-cswnrpe:default.log
Impact: None.
I'll send you the system profile also.
Thank you!
Re: Random SSL handshake failure with nrpe on SunOS
Posted: Wed Feb 06, 2019 3:47 pm
by ssax
Are you seeing anything in this log that could be related?
Code: Select all
/var/svc/log/network-cswnrpe:default.log
Re: Random SSL handshake failure with nrpe on SunOS
Posted: Thu Feb 07, 2019 4:38 am
by gereebl
No. The last entry is more than 1 month old, that it was started.
Nothing relevant is there for this issue.
Re: Random SSL handshake failure with nrpe on SunOS
Posted: Thu Feb 07, 2019 3:28 pm
by ssax
Please enable debug logging by editing your nrpe.cfg then restart the NRPE service, then let it run and see what the debug log shows when those errors occur.
Re: Random SSL handshake failure with nrpe on SunOS
Posted: Fri Feb 08, 2019 1:21 am
by gereebl
We did that one already, so if we can find any clue where to search further, but only such lines are logged around the errors:
Code: Select all
[1547672654] Error: (!log_opts) Could not complete SSL handshake with <IP>: 1
[1547672681] Error: (!log_opts) Could not complete SSL handshake with <IP>: 1
[1547672683] Error: (!log_opts) Could not complete SSL handshake with <IP>: 1
[1547672691] Error: (!log_opts) Could not complete SSL handshake with <IP>: 1
Other lines in the log only show the successful requests.
Re: Random SSL handshake failure with nrpe on SunOS
Posted: Fri Feb 08, 2019 4:55 pm
by ssax
Please create a ticket for this and include a link back to this forum thread so we can get a remote session setup:
https://support.nagios.com/tickets/