Forum Discussion
NimbostratusltmClientSslStatActiveHandshakeRejected for each ssl profile
NimbostratusThank you for your reply but this doesn't solve my problem , look what I have in ltm logs when the ssl_profile sessions reached the threshold :
- Sample logs(/var/log/ltm):
Jan 24 17:29:50 bigip warning tmm1[24729]: 01260009:4: Connection error: ssl_check_profile_limits:1868: The number of per TMM active handshakes 100 for /Common/ssl_profile_name-0 on this TMM[1] reached the limit 100/TMM set in profile /Common/ssl_profile_name-1 (80)
Jan 24 17:29:50 bigip warning tmm[24729]: 01260013:4: SSL Handshake failed for TCP 192.168.1.0:53031 -> 192.168.2.0:443
Jan 24 17:29:50 bigip warning tmm[24729]: 01260013:4: Per-invocation log rate exceeded; throttling.
Jan 24 17:29:50 bigip warning tmm1[24729]: 01260009:4: Connection error: ssl_check_profile_limits:1868: The number of per TMM active handshakes 100 for /Common/ssl_profile_name-1 on this TMM[1] reached the limit 250/TMM set in profile /Common/ssl_profile_name-3 (80)
Jan 31 14:03:22 bigip warning tmm1[24729]: 01260009:4: Connection error: ssl_check_profile_limits:1868: The number of per TMM active handshakes 100 for /Common/ssl_profile_name-0 on this TMM[1] reached the limit 100/TMM set in profile /Common/ssl_profile_name-1 (80)
Jan 31 14:03:32 bigip warning tmm[24729]: 01260009:4: Connection error: ssl_check_profile_limits:1868: The number of per TMM active handshakes 250 for /Common/ssl_profile_name-0 on this TMM[0] reached the limit 250/TMM set in profile /Common/ssl_profile_name-1 (80)
Dario_GarridoNoctilucent
Hello SlashLinux
In case of having logs to report those issues, then you can configure custom alerts (using matching expressions from your logs) to trigger SNMP traps.
https://support.f5.com/csp/article/K3727
Regards,
Dario.
