Repost: SSL issue: set options failed: Operation now in progress
Tom Lisjac
netdxr at gmail.com
Tue Sep 25 00:00:37 EDT 2012
Hi Scott,
Many thanks to you and Jeremy for the replies.
The url approach you suggested worked, but still produced the Argus log
errors with Apache and mod_ssl. All along I'd been making the erroneous
assumption that the log errors were also giving flawed results, but that
doesn't seem to be the case. Commenting out the error generating code,
per Jeremy's suggestion, is a good workaround for this issue.
After playing with this for awhile, I noticed more connection noise from
Argus in the logs for these machines then I was willing to accept, so I
opted for this scaled down approach:
Service Prog {
command: nmap -p 993 10.78.44.9 | grep -q "993/tcp open"
label: IMAPS-Repo1
}
It's a little tedious, but nmap's default syn mode verifies the port is
open without propagating a full connection to the logs. Downside is it
also doesn't do any ssl or imap functionality testing, but I'm willing
to live with that. Only remaining problem is figuring out how to make
the notification emails a little less cryptic for our management. :)
9184 24/Sep 21:45 - Prog_nmap -p 993 10.78.44.9 | grep -q "993/tcp open" is DOWN/critical
Thanks again,
-Tom
On 09/24/2012 08:05 AM, Scott Hiemstra wrote:
> Even better, you win Jeremy. :)
>
> -----Original Message-----
> From: arguslist-bounces at tcp4me.com [mailto:arguslist-bounces at tcp4me.com] On Behalf Of Jeremy Kister
> Sent: Monday, September 24, 2012 9:01 AM
> To: Discussion about Argus
> Subject: Re: Repost: SSL issue: set options failed: Operation now in progress
>
> On 9/23/2012 10:50 PM, Tom Lisjac wrote:
>> [2012/08/19 17:21:23.1117] [11871] TCP/SSL set options failed: Operation now in progress
>> [2012/08/19 17:21:12.9232] [11871] TCP/SSL set options failed: Operation now in progress
>> [2012/08/19 17:20:34.2391] [11871] TCP/SSL set options failed: Illegal seek
>> [2012/08/19 17:20:18.4513] [11871] TCP/SSL set options failed: Illegal seek
> I had the same problem, seems to be an incompatibility with newer ssl.
>
> my temporary hack was to comment out the line in SSL.pm:
> problem( $me, "set options failed: $!" ) if $i;
>
>
More information about the Arguslist
mailing list