number of receipt of TLS fatal alert message messages logged = 485015

jrrodriguez · ‎12-03-2010

We have IPS 4260

ande whit the commando sh statistics web-server, send me this

session-2
      remote host = 148.245.182.4
      session is persistent = no
      number of requests serviced on current connection = 1
      last status code = 200
      last request method = GET
      last request URI = cgi-bin/sdee-server
      last protocol version = HTTP/1.1
      session state = processingGetServlet
   number of server session requests handled = 787185
   number of server session requests rejected = 0
   total HTTP requests handled = 508670
   maximum number of session objects allowed = 40
   number of idle allocated session objects = 7
   number of busy allocated session objects = 3
summarized log messages
   number of TCP socket failure messages logged = 0
   number of TLS socket failure messages logged = 0
   number of TLS protocol failure messages logged = 0
   number of TLS connection failure messages logged = 485058
   number of TLS crypto warning messages logged = 0
   number of TLS expired certificate warning messages logged = 0
   number of receipt of TLS fatal alert message messages logged = 485015

i have a quiestion about the last line

number of receipt of TLS fatal alert message messages logged = 485015

What means this

Scott Fringer · ‎12-06-2010

This indicates remote systems are attempting to connect to the sensor and are making use of an invalid or expired TLS certificate for the sensor; perhaps an IME workstation, CS-MARS or other SDEE-based remote monitoring system.

This can occur when the TLS certificate has been regenerated on the sensor CLI using the 'tls generate-key' command, and the new certificate has not been accepted by the remote monitoring system.

Scott