Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP DNS
Known Affected Versions:
13.1.3, 13.1.3.1, 13.1.3.2, 13.1.3.3, 13.1.3.4, 13.1.3.5, 13.1.3.6, 13.1.4, 13.1.4.1, 13.1.5, 13.1.5.1, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.0.1, 14.0.1.1, 14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 14.1.2.7, 14.1.2.8, 14.1.3, 14.1.3.1, 14.1.4, 15.0.0, 15.0.1, 15.0.1.1, 15.0.1.2, 15.0.1.3, 15.0.1.4, 15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 16.0.0, 16.0.0.1, 16.0.1, 16.0.1.1, 16.0.1.2
Fixed In:
16.1.0, 15.1.3, 14.1.4.1
Opened: Feb 26, 2020 Severity: 3-Major
Err (error) level messages in /var/log/gtm log when DNS (GTM) SSL monitors such as https are used and are unable to connect to the monitored target IP address: err big3d[4658]: 01330014:3: CSSLSocket:: Unable to get the session. These messages do not indicate the IP address or port of the target that failed to connect, and this ambiguity may cause concern.
The system reports unnecessary messages; the fact that the monitor failed is already detailed by the pool/virtual status change message, and the target changing to a red/down status. These messages can be safely ignored.
-- SSL-based DNS (GTM) monitor assigned to a target, for example https -- TCP fails to connect due to a layer 2-4 issue, for example: - No route to host. - Received a TCP RST. - TCP handshake timeout.
If you want to suppress these messages, you can configure a syslog filter. For more information, see K16932: Configuring the BIG-IP system to suppress sending SSL access and request messages to remote syslog servers :: https://support.f5.com/csp/article/K16932.
Added debug messages for SSL probing with a new DB variable Log.Big3dprobeplus.level