From argus-02 at jeremykister.com Mon Sep 3 04:45:09 2012 From: argus-02 at jeremykister.com (Jeremy Kister) Date: Mon, 03 Sep 2012 04:45:09 -0400 Subject: Argus / Qmail / Sprint - Return-Path set incorrectly In-Reply-To: <073C6B4DF1DDC8498449BE3F9575666D03AAEFD80943@horus.h2.com> References: <073C6B4DF1DDC8498449BE3F9575666D03AAEFD80943@horus.h2.com> Message-ID: <50446E15.3050205@jeremykister.com> On 7/13/2012 9:28 AM, Scott Hiemstra wrote: > Fair enough, I would reject a message coming from anonymous at HOSTNAME.DOMAIN.com as well so I understand the rejection. The problem is, I am setting my from address to a valid address using the mail_from Argus directive and I have verified this works by looking at the message headers but I am seeing the anonymous address set in the Return-Path even though the from is set correctly. Looks like this message has been delayed for quite some time - but, for the archives: just make your own notify method: Method "mail" { command: /usr/sbin/sendmail -f %F -t send: To: %R\nFrom: %F\nSubject: Argus%E\n\n%M nolotsmsgs: yes qtime: 0 } the above method is rather MTA agnostic, but vanilla qmail-1.03's "sendmail" doesnt support the -f flag. use netqmail 1.05 or the sendmail-flagf.patch From netdxr at gmail.com Sun Sep 23 22:50:01 2012 From: netdxr at gmail.com (Tom Lisjac) Date: Sun, 23 Sep 2012 21:50:01 -0500 Subject: Repost: SSL issue: set options failed: Operation now in progress In-Reply-To: <5031723E.5080406@gmail.com> References: <5031723E.5080406@gmail.com> Message-ID: <505FCA59.7080601@gmail.com> Hi all, I'm using the development version of Argus (argus-dev-20120107) to monitor about 30 machines. Most of it is working impressively well but I'm seeing the following errors in the log when any https, imaps or smtps tests are enabled: [2012/08/19 17:21:23.1117] [11871] TCP/SSL set options failed: Operation now in progress [2012/08/19 17:21:12.9232] [11871] TCP/SSL set options failed: Operation now in progress [2012/08/19 17:20:34.2391] [11871] TCP/SSL set options failed: Illegal seek [2012/08/19 17:20:18.4513] [11871] TCP/SSL set options failed: Illegal seek I haven't been able to find any references from google or the docs, but suspect that something is hanging during the initial ssl cert negotiation. The operation in progress errors continue, but the illegal seeks stop when I disable imaps and smtps checking. Here is the output from the argus build: found db type: DB_File Socket6 not found - no IPv6 support for you found GD - including graphing support found DBI - including Database testing support found Net::SSLeay - including extended SSL testing support found Digest::HMAC found Digest::MD5 found Digest::SHA1 found Crypt::DES including SNMPv3 authentication support including SNMPv3 privacy support including DARP support Any suggestions to get this resolved would be greatly appreciated. Thanks, -Tom From argus-02 at jeremykister.com Mon Sep 24 09:00:51 2012 From: argus-02 at jeremykister.com (Jeremy Kister) Date: Mon, 24 Sep 2012 09:00:51 -0400 Subject: Repost: SSL issue: set options failed: Operation now in progress In-Reply-To: <505FCA59.7080601@gmail.com> References: <5031723E.5080406@gmail.com> <505FCA59.7080601@gmail.com> Message-ID: <50605983.9080007@jeremykister.com> On 9/23/2012 10:50 PM, Tom Lisjac wrote: > [2012/08/19 17:21:23.1117] [11871] TCP/SSL set options failed: Operation now in progress > [2012/08/19 17:21:12.9232] [11871] TCP/SSL set options failed: Operation now in progress > [2012/08/19 17:20:34.2391] [11871] TCP/SSL set options failed: Illegal seek > [2012/08/19 17:20:18.4513] [11871] TCP/SSL set options failed: Illegal seek I had the same problem, seems to be an incompatibility with newer ssl. my temporary hack was to comment out the line in SSL.pm: problem( $me, "set options failed: $!" ) if $i; -- Jeremy Kister http://jeremy.kister.net./ From shiemstra at h2.com Mon Sep 24 09:02:28 2012 From: shiemstra at h2.com (Scott Hiemstra) Date: Mon, 24 Sep 2012 09:02:28 -0400 Subject: Repost: SSL issue: set options failed: Operation now in progress In-Reply-To: <505FCA59.7080601@gmail.com> References: <5031723E.5080406@gmail.com> <505FCA59.7080601@gmail.com> Message-ID: <073C6B4DF1DDC8498449BE3F9575666D03AAEFD80A14@horus.h2.com> Tom, I can't offer anything about imaps or smtps but I ran into this with https on a version of Argus from several years ago. I'm running dev-20111102 so I can't speak directly to dev-20120107. Based on my internal notes it seems I had this issue when trying to use TCP/HTTPS, switching over to TCP/URL resolved the issue. Also I have encountered problems between Argus and some of my IIS servers not negotiating SSL properly if I don't specify a browser string, I use "browser: Mozilla/5.0 (compatible; Argus)". I believe this has been a distinct issue with IIS7 for me. Using TCP/HTTPS: Group "HTTPS Test" { hostname: secure.domain.com Service TCP/HTTPS } Using TCP/URL: Group "URL Test" { Service TCP/URL { url: https://secure.domain.com label: My secure test target } } Others may offer more insight but hope this helps in the interim, Scott -----Original Message----- From: arguslist-bounces at tcp4me.com [mailto:arguslist-bounces at tcp4me.com] On Behalf Of Tom Lisjac Sent: Sunday, September 23, 2012 10:50 PM To: arguslist at tcp4me.com Subject: Repost: SSL issue: set options failed: Operation now in progress Hi all, I'm using the development version of Argus (argus-dev-20120107) to monitor about 30 machines. Most of it is working impressively well but I'm seeing the following errors in the log when any https, imaps or smtps tests are enabled: [2012/08/19 17:21:23.1117] [11871] TCP/SSL set options failed: Operation now in progress [2012/08/19 17:21:12.9232] [11871] TCP/SSL set options failed: Operation now in progress [2012/08/19 17:20:34.2391] [11871] TCP/SSL set options failed: Illegal seek [2012/08/19 17:20:18.4513] [11871] TCP/SSL set options failed: Illegal seek I haven't been able to find any references from google or the docs, but suspect that something is hanging during the initial ssl cert negotiation. The operation in progress errors continue, but the illegal seeks stop when I disable imaps and smtps checking. Here is the output from the argus build: found db type: DB_File Socket6 not found - no IPv6 support for you found GD - including graphing support found DBI - including Database testing support found Net::SSLeay - including extended SSL testing support found Digest::HMAC found Digest::MD5 found Digest::SHA1 found Crypt::DES including SNMPv3 authentication support including SNMPv3 privacy support including DARP support Any suggestions to get this resolved would be greatly appreciated. Thanks, -Tom _______________________________________________ http://argus.tcp4me.com/ Arguslist at tcp4me.com http://www.tcp4me.com/mailman/listinfo/arguslist From shiemstra at h2.com Mon Sep 24 09:05:54 2012 From: shiemstra at h2.com (Scott Hiemstra) Date: Mon, 24 Sep 2012 09:05:54 -0400 Subject: Repost: SSL issue: set options failed: Operation now in progress In-Reply-To: <50605983.9080007@jeremykister.com> References: <5031723E.5080406@gmail.com> <505FCA59.7080601@gmail.com> <50605983.9080007@jeremykister.com> Message-ID: <073C6B4DF1DDC8498449BE3F9575666D03AAEFD80A15@horus.h2.com> Even better, you win Jeremy. :) -----Original Message----- From: arguslist-bounces at tcp4me.com [mailto:arguslist-bounces at tcp4me.com] On Behalf Of Jeremy Kister Sent: Monday, September 24, 2012 9:01 AM To: Discussion about Argus Subject: Re: Repost: SSL issue: set options failed: Operation now in progress On 9/23/2012 10:50 PM, Tom Lisjac wrote: > [2012/08/19 17:21:23.1117] [11871] TCP/SSL set options failed: Operation now in progress > [2012/08/19 17:21:12.9232] [11871] TCP/SSL set options failed: Operation now in progress > [2012/08/19 17:20:34.2391] [11871] TCP/SSL set options failed: Illegal seek > [2012/08/19 17:20:18.4513] [11871] TCP/SSL set options failed: Illegal seek I had the same problem, seems to be an incompatibility with newer ssl. my temporary hack was to comment out the line in SSL.pm: problem( $me, "set options failed: $!" ) if $i; -- Jeremy Kister http://jeremy.kister.net./ _______________________________________________ http://argus.tcp4me.com/ Arguslist at tcp4me.com http://www.tcp4me.com/mailman/listinfo/arguslist From netdxr at gmail.com Tue Sep 25 00:00:37 2012 From: netdxr at gmail.com (Tom Lisjac) Date: Mon, 24 Sep 2012 23:00:37 -0500 Subject: Repost: SSL issue: set options failed: Operation now in progress In-Reply-To: <073C6B4DF1DDC8498449BE3F9575666D03AAEFD80A15@horus.h2.com> References: <5031723E.5080406@gmail.com> <505FCA59.7080601@gmail.com> <50605983.9080007@jeremykister.com> <073C6B4DF1DDC8498449BE3F9575666D03AAEFD80A15@horus.h2.com> Message-ID: <50612C65.1060306@gmail.com> Hi Scott, Many thanks to you and Jeremy for the replies. The url approach you suggested worked, but still produced the Argus log errors with Apache and mod_ssl. All along I'd been making the erroneous assumption that the log errors were also giving flawed results, but that doesn't seem to be the case. Commenting out the error generating code, per Jeremy's suggestion, is a good workaround for this issue. After playing with this for awhile, I noticed more connection noise from Argus in the logs for these machines then I was willing to accept, so I opted for this scaled down approach: Service Prog { command: nmap -p 993 10.78.44.9 | grep -q "993/tcp open" label: IMAPS-Repo1 } It's a little tedious, but nmap's default syn mode verifies the port is open without propagating a full connection to the logs. Downside is it also doesn't do any ssl or imap functionality testing, but I'm willing to live with that. Only remaining problem is figuring out how to make the notification emails a little less cryptic for our management. :) 9184 24/Sep 21:45 - Prog_nmap -p 993 10.78.44.9 | grep -q "993/tcp open" is DOWN/critical Thanks again, -Tom On 09/24/2012 08:05 AM, Scott Hiemstra wrote: > Even better, you win Jeremy. :) > > -----Original Message----- > From: arguslist-bounces at tcp4me.com [mailto:arguslist-bounces at tcp4me.com] On Behalf Of Jeremy Kister > Sent: Monday, September 24, 2012 9:01 AM > To: Discussion about Argus > Subject: Re: Repost: SSL issue: set options failed: Operation now in progress > > On 9/23/2012 10:50 PM, Tom Lisjac wrote: >> [2012/08/19 17:21:23.1117] [11871] TCP/SSL set options failed: Operation now in progress >> [2012/08/19 17:21:12.9232] [11871] TCP/SSL set options failed: Operation now in progress >> [2012/08/19 17:20:34.2391] [11871] TCP/SSL set options failed: Illegal seek >> [2012/08/19 17:20:18.4513] [11871] TCP/SSL set options failed: Illegal seek > I had the same problem, seems to be an incompatibility with newer ssl. > > my temporary hack was to comment out the line in SSL.pm: > problem( $me, "set options failed: $!" ) if $i; > > From scott at hiemstra.us Tue Sep 25 08:52:39 2012 From: scott at hiemstra.us (Scott Hiemstra) Date: Tue, 25 Sep 2012 08:52:39 -0400 Subject: Repost: SSL issue: set options failed: Operation now in progress In-Reply-To: <50612C65.1060306@gmail.com> References: <5031723E.5080406@gmail.com> <505FCA59.7080601@gmail.com> <50605983.9080007@jeremykister.com> <073C6B4DF1DDC8498449BE3F9575666D03AAEFD80A15@horus.h2.com> <50612C65.1060306@gmail.com> Message-ID: <732a7cebaaccf05a5d67c068983c9666@hiemstra.us> Tom, If it is only one or 2 items you need to clean up the notifications for then you could simply specify the up/down messages for the individual service. You wouldn't want to do this for all services as it does get very tedious to maintain. Simply throw this into your Prog definition: messagedn: IMAPS is down messageup: IMAPS is up Scott On 25.09.2012 00:00, Tom Lisjac wrote: > Hi Scott, > > Many thanks to you and Jeremy for the replies. > > The url approach you suggested worked, but still produced the Argus > log > errors with Apache and mod_ssl. All along I'd been making the > erroneous > assumption that the log errors were also giving flawed results, but > that > doesn't seem to be the case. Commenting out the error generating > code, > per Jeremy's suggestion, is a good workaround for this issue. > > After playing with this for awhile, I noticed more connection noise > from > Argus in the logs for these machines then I was willing to accept, so > I > opted for this scaled down approach: > > Service Prog { > command: nmap -p 993 10.78.44.9 | grep -q "993/tcp open" > label: IMAPS-Repo1 > } > > It's a little tedious, but nmap's default syn mode verifies the port > is > open without propagating a full connection to the logs. Downside is > it > also doesn't do any ssl or imap functionality testing, but I'm > willing > to live with that. Only remaining problem is figuring out how to make > the notification emails a little less cryptic for our management. :) > > 9184 24/Sep 21:45 - Prog_nmap -p 993 10.78.44.9 | grep -q "993/tcp > open" is DOWN/critical > > Thanks again, > > -Tom > > On 09/24/2012 08:05 AM, Scott Hiemstra wrote: >> Even better, you win Jeremy. :) >> >> -----Original Message----- >> From: arguslist-bounces at tcp4me.com >> [mailto:arguslist-bounces at tcp4me.com] On Behalf Of Jeremy Kister >> Sent: Monday, September 24, 2012 9:01 AM >> To: Discussion about Argus >> Subject: Re: Repost: SSL issue: set options failed: Operation now in >> progress >> >> On 9/23/2012 10:50 PM, Tom Lisjac wrote: >>> [2012/08/19 17:21:23.1117] [11871] TCP/SSL set options failed: >>> Operation now in progress >>> [2012/08/19 17:21:12.9232] [11871] TCP/SSL set options failed: >>> Operation now in progress >>> [2012/08/19 17:20:34.2391] [11871] TCP/SSL set options failed: >>> Illegal seek >>> [2012/08/19 17:20:18.4513] [11871] TCP/SSL set options failed: >>> Illegal seek >> I had the same problem, seems to be an incompatibility with newer >> ssl. >> >> my temporary hack was to comment out the line in SSL.pm: >> problem( $me, "set options failed: $!" ) if $i; >> >> > > > _______________________________________________ > http://argus.tcp4me.com/ > Arguslist at tcp4me.com > http://www.tcp4me.com/mailman/listinfo/arguslist