thanks Alex seems like one client (it shows the ip) is trying to get to this site but i havnt added it to my white list, so thats why its getting blocked
events.gfe.nvidia.com thanks a bunch alex, your awesome On Wed, 30 Jun 2021 at 17:09, Alex Rousskov < rouss...@measurement-factory.com> wrote: > On 6/30/21 11:48 AM, robert k Wild wrote: > > > How do I enable all 9 debugging to find out what client ip it is thats > > sending all these tls errors. > > 0. Start Squid if necessary. > > 1. Locate your Squid log file or equivalent. In this example, we will > call it cache.log. > > 2. Run "tail -f cache.log > partial-cache.log" in background or another > terminal. This will start appending new debugging to the > partial-cache.log file. > > 3. Run "squid -k debug" to enable ALL,9 debugging. > > 4. Wait a few seconds. > > 5. Run "squid -k debug" to disable ALL,9 debugging. > > 6. Kill the "tail" command in step 2. > > 7. Check that partial-cache.log contains at least one "Error negotiating > SSL connection" entry. If not, go to step 2 and repeat. Perhaps give > Squid a few extra seconds this time. > > 8. Analyze the resulting partial-cache.log (or share it with those who > are willing to analyze it for you, compressing it if needed). Please > note that this debugging log may contain sensitive information such as > user names and passwords. > > > HTH, > > Alex. > > > > On Wed, 30 Jun 2021, 16:16 Alex Rousskov wrote: > > > > On 6/30/21 6:41 AM, robert k Wild wrote: > > > > > never really noticed this as i rarely "tail -f" the cache log but > im > > > noticing these lines like every second > > > > > 2021/06/30 11:39:13 kid1| Error negotiating SSL connection on FD > 266: > > > error:00000001:lib(0):func(0):reason(1) (1/-1) > > > 2021/06/30 11:39:13 kid1| Error negotiating SSL connection on FD > 270: > > > error:00000001:lib(0):func(0):reason(1) (1/-1) > > > 2021/06/30 11:39:13 kid1| Error negotiating SSL connection on FD > 285: > > > error:00000001:lib(0):func(0):reason(1) (1/0) > > > > > is this something to be worried about > > > > IMHO, you should worry about two things, at least: > > > > 1) The fact that you did not know about Squid complaints, especially > > frequent ones. I do not think that constantly watching "tail -f" is > the > > answer here, but something in your Squid administration approach > should > > change to prevent similar lack of problem awareness in the future. > > > > 2) The fact that your Squid is complaining about something every > second. > > If the actual problem behind these errors does not deserve your > > attention, then Squid should not be logging it at level 1 (and you > > should complain that it does). Otherwise, the problem itself should > be > > addressed. > > > > As for the error itself, it looks like your Squid cannot negotiate > TLS > > with some client(s). I do not know whether it is Squid's fault or the > > client's. Enabling "ALL,9" debugging for a few seconds should be > > sufficient to identify the client (at least by its IP address), which > > may be enough to understand why the negotiation fails (or to give you > > enough information to collect more details for triage). > > > > > > HTH, > > > > Alex. > > _______________________________________________ > > squid-users mailing list > > squid-users@lists.squid-cache.org > > <mailto:squid-users@lists.squid-cache.org> > > http://lists.squid-cache.org/listinfo/squid-users > > <http://lists.squid-cache.org/listinfo/squid-users> > > > > _______________________________________________ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users > -- Regards, Robert K Wild.
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
