Asterisk by HTTP - TLS

  • HANDL_Eric
    Junior Member
    • Aug 2023
    • 27

    #1

    Asterisk by HTTP - TLS

    Hello,

    We have been using Zabbix to monitor a number of Asterisk-based PBX appliances for quite some time now, leveraging the "Asterisk by HTTP" template. Well, recently we started trying to dive into some noise that comes along with this when leveraging TLS: every time the system gets polled we get an error on the Asterisk side that reads:

    ERROR[8114] iostream.c: Problem setting up ssl connection: error:00000005:lib(0):func(0)H lib, System call EOF

    My assumption is that the Zabbix polling script isn't properly handling the TLS connection, as everything on the Asterisk side seems to be configured correctly and we don't get the error using other tools, including the openssl client from the Zabbix server itself or directly accessing the AMI interface from another machine. Is there someone here more familiar with the JavaScript preprocessing and how it handles SSL?
  • sperrot2
    Junior Member
    • Nov 2023
    • 11

    #2
    Hello,
    Which part of the Zabbix system are you monitoring from: agent (1 or 2), proxy or server directly?
    Was there an update recently on this component or their config? (or Asterisk side)

    I understand Zabbix components can be compiled using 1 of 2 TLS libs? Maybe the one used (or version) has become incompatible?

    Trying to isolate and reproduce (maybe on the CLI w/ zabbix_get) would be my advice

    just my 2

    Regards
    Stephane Perrot

    Comment

    • HANDL_Eric
      Junior Member
      • Aug 2023
      • 27

      #3
      Originally posted by sperrot2
      Hello,
      Which part of the Zabbix system are you monitoring from: agent (1 or 2), proxy or server directly?
      Was there an update recently on this component or their config? (or Asterisk side)

      I understand Zabbix components can be compiled using 1 of 2 TLS libs? Maybe the one used (or version) has become incompatible?

      Trying to isolate and reproduce (maybe on the CLI w/ zabbix_get) would be my advice

      just my 2

      Regards
      Stephane Perrot
      These systems are currently being monitored by the Zabbix server directly. There haven't been any recent changes; this has been going on since we started using the template. However, it's at a point where the amount of these logs we receive, due to the number of systems currently deployed & monitored, is getting to be cumbersome. It would be interesting to know how it was compiled, as those systems are enforcing TLS 1.2, so if the library were trying to use, say, TLS 1.1 then I would expect there to be SSL errors, but I also wouldn't expect it to be polling data, which it is.

      Comment

      • sperrot2
        Junior Member
        • Nov 2023
        • 11

        #4
        You mean you just have warning problems, if it is still working?
        You can check which TLS lib your binaries are linked against with the 'ldd' command (25 libs on my Linux)

        Otherwise, TLS on Zabbix depends on a large number of parameters in the conf file (17 for agent, 11 for server on my system), all prefixed by TLS at the end of the conf files, which are usually to be found under /etc/zabbix
        (indicative only, not expert in zbx tls settings)

        Comment

        • HANDL_Eric
          Junior Member
          • Aug 2023
          • 27

          #5
          Originally posted by sperrot2
          You mean you just have warning problems, if it is still working?
          You can check which TLS lib your binaries are linked against with the 'ldd' command (25 libs on my Linux)

          Otherwise, TLS on Zabbix depends on a large number of parameters in the conf file (17 for agent, 11 for server on my system), all prefixed by TLS at the end of the conf files, which are usually to be found under /etc/zabbix
          (indicative only, not expert in zbx tls settings)
          I think what you're referencing only applies to Zabbix agent <--> Zabbix Server communication. With this plugin, the Zabbix server is polling against an HTTPS web endpoint, performing a GET with the HTTP agent type (not the software agent), thus the TLS is configured on the Asterisk web server and has nothing to do with Zabbix. There just seems to be a config issue specific to this template that is causing strange client behavior and generating errors on the application server every time it polls.


          Comment

          • sperrot2
            Junior Member
            • Nov 2023
            • 11

            #6
            Yes indeed
            See https://www.zabbix.com/documentation...itemtypes/http
            There are 6 SSL parameters

            IMHO, you should try with a CLI curl request, and see if you get the same warning
            (the binary may a priori be linked with a different version of the libcurl lib, slightly different?)

            Comment
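The two checks suggested in posts #4 and #6 (which TLS library the binaries are linked against, and what a standalone curl client negotiates when held to TLS 1.2), as an added example that is not part of any post in this thread. The function names, the `zabbix_server` binary name, `PBX_URL` and all sample text are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example. Sample inputs below are constructed, not taken from the thread.

# stdin: output of `ldd <binary>`; stdout: TLS-relevant libraries, one per line.
tls_libs_from_ldd() {
  awk '
    /libcurl-gnutls\.so/ { print "libcurl (GnuTLS build)"; next }
    /libcurl\.so/        { print "libcurl"; next }
    /libssl\.so/         { print "OpenSSL"; next }
    /libgnutls\.so/      { print "GnuTLS"; next }
  ' | LC_ALL=C sort -u
}

# stdin: `curl -v` diagnostics; stdout: "<protocol> <cipher>" when the
# handshake completed, otherwise "handshake-failed".
curl_tls_summary() {
  awk '
    /^\* SSL connection using / {
      split($0, f, " / ")
      sub(/^\* SSL connection using /, "", f[1])
      print f[1], f[2]; found = 1; exit
    }
    END { if (!found) print "handshake-failed" }
  '
}

# Constructed ldd output for a binary built against OpenSSL and libcurl.
SAMPLE_LDD='    libssl.so.3 => /lib/x86_64-linux-gnu/libssl.so.3 (0x00007f0000000000)
    libcurl.so.4 => /lib/x86_64-linux-gnu/libcurl.so.4 (0x00007f0000100000)
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f0000200000)'

# Constructed curl -v output: one completed TLS 1.2 handshake, one aborted one.
SAMPLE_OK='* Connected to pbx.example (192.0.2.10) port 443
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
< HTTP/1.1 200 OK'
SAMPLE_FAIL='* Connected to pbx.example (192.0.2.10) port 443
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to pbx.example:443'

printf '%s\n' "$SAMPLE_LDD"  | tls_libs_from_ldd
printf '%s\n' "$SAMPLE_OK"   | curl_tls_summary
printf '%s\n' "$SAMPLE_FAIL" | curl_tls_summary

# Live use (binary name and PBX_URL are placeholders for your environment):
#   ldd "$(command -v zabbix_server)" | tls_libs_from_ldd
#   curl -sv --tlsv1.2 --tls-max 1.2 -o /dev/null "$PBX_URL" 2>&1 | curl_tls_summary
```

Running the live curl line from the Zabbix server while tailing the Asterisk log shows whether a client pinned to TLS 1.2 produces the same error entry as the template's poll.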
