- DennisJann (Nimbostratus)
This particular error message is typically logged when a client connects with an SSL/TLS version (e.g., SSLv3) not supported by your client-ssl profile. This can be quite annoying on Internet-facing devices as your VIPs are constantly being probed, usually without your consent.
The default behavior in BIG-IP 12.0.0 and later is to log SSL errors at level "warning" and higher.
tmsh list sys db log.ssl.level
sys db log.ssl.level { value "Warning" }
I opened a support case with F5, and they referred me to the documentation on the available log levels:
https://support.f5.com/csp/article/K5532
I changed the logging level to "Error" to suppress these messages and that considerably reduced the amount of noise from SSL warning messages in /var/log/ltm.
tmsh modify sys db log.ssl.level { value "Error" }
Before making any changes, I would recommend reviewing the types of SSL alerts and their severity levels in /etc/alertd/bigip_tmm_error_maps.h, so that you can make an informed decision about what kinds of messages you'll no longer be seeing:
grep SSL /etc/alertd/bigip_tmm_error_maps.h
Also reference:
https://support.f5.com/csp/article/K09322055
If you really want to identify the source addresses, you'd likely have to temporarily set the logging level to Debug, and then change it back to the default after capturing the data.
https://support.f5.com/csp/article/K17045
Hope this helps.
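
The temporary Debug window suggested in the reply above, as an added example that is not part of the original post: it records the current log.ssl.level, switches to Debug for a fixed number of seconds, and restores the recorded value even if interrupted. The function names and the TMSH override variable are hypothetical, introduced here only for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Uses only the two tmsh
# commands shown in the reply; everything else is illustrative scaffolding.
TMSH="${TMSH:-tmsh}"      # assumption: overridable so the logic can be tried off-box
DBVAR="log.ssl.level"
PREV_LEVEL=""

# Print the current value, parsed from: sys db log.ssl.level { value "Warning" }
# Works whether tmsh prints the stanza on one line or across several.
get_ssl_level() {
    "$TMSH" list sys db "$DBVAR" | sed -n 's/.*value "\([^"]*\)".*/\1/p'
}

# Same syntax as the reply: tmsh modify sys db log.ssl.level { value "Error" }
set_ssl_level() {
    "$TMSH" modify sys db "$DBVAR" { value "$1" }
}

# with_debug_window SECONDS
# Switch to Debug for SECONDS, then put the previous level back.
with_debug_window() {
    PREV_LEVEL="$(get_ssl_level)"
    if [ -z "$PREV_LEVEL" ]; then
        echo "could not read $DBVAR; leaving it unchanged" >&2
        return 1
    fi
    # If the window is interrupted, restore before exiting so that
    # Debug logging is never left enabled by accident.
    trap 'set_ssl_level "$PREV_LEVEL"; exit 130' INT TERM
    set_ssl_level Debug
    echo "$DBVAR: $PREV_LEVEL -> Debug for $1s (watch /var/log/ltm)" >&2
    sleep "$1"
    set_ssl_level "$PREV_LEVEL"
    trap - INT TERM
    echo "$DBVAR restored to $PREV_LEVEL" >&2
}

# Run only when asked explicitly, e.g.:  sh ssl_debug_window.sh --run 300
if [ "${1:-}" = "--run" ]; then
    with_debug_window "${2:-300}"
fi
```
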