"Could not complete SSL handshake"

Thomas Guyot-Sionnest dermoth at aei.ca
Sat Feb 14 17:21:51 CET 2009


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 12/02/09 12:34 PM, Lee Azzarello wrote:
> Here's a mystery for the books. I was alerted this morning of a socket
> timeout while nagios attempted to connect the NRPE server on a remote
> host. I go in and manually check that host and sure enough:

- From my personal experience NRPE often fail on the SSL handshake under
load - since it happen on the SSL part the connection is already open
(therefore you can telnet to the port without any problem).

I never really looked into issue because none of my servers runs hot -
When I get NRPE timeouts there's usually other stuff that's sending
alerts already (at least the load average check running trough SNMP).

Things you may try:
- - Lower the nice value of the NRPE process
- - Disable SSL
- - When compiling NRPE, in include/common.h, increase the socket timeout:
  #define DEFAULT_SOCKET_TIMEOUT    10    /* timeout after 10 seconds */
- - Increase the check_nrpe and/or nagios active check timeouts.


- --
Thomas
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJlu+e6dZ+Kt5BchYRAq6nAJ0boUmZyySZ7adQ8tBNtMhrcZQpogCgnbSu
Mt/FbvA8GfzdMFig56KwBx0=
=MQtG
-----END PGP SIGNATURE-----

------------------------------------------------------------------------------
Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco, CA
-OSBC tackles the biggest issue in open source: Open Sourcing the Enterprise
-Strategies to boost innovation and cut costs with open source participation
-Receive a $600 discount off the registration fee with the source code: SFAD
http://p.sf.net/sfu/XcvMzF8H
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null





More information about the Users mailing list