Seeing "libarchive error" in SSL Visibility logs

book

Article ID: 169252

calendar_today

Updated On:

Products

SSL Visibility Appliance Software

Issue/Introduction

Messages file(s) shows similar records to the example below:
ssldata[3727]: [E] ns_archive_add() failed:NSLIB2:Archive [0xf000d40c;code:12;sub:212] libarchive error
ssldata[3727]: [E] ns_archive_add() failed:NSLIB2:Archive [0xf000d30c;code:12;sub:211] libarchive error





 

Cause

The libarchive library provides a single interface for reading/writing various compression format archives. These errors can occur if there is no disk space left or the write system call is interrupted by a signal.

The CLI command session log export executes the code path that can display archive error subcodes 211, 212.

Error 211 means zero bytes were written/archived.
Error 212 means some but not all of the requested bytes were written/archived.

In logs/nginx_access.log file in exported Diagnostics, we can also verify a SSL session log export was indeed running by searching for ssl_session_log string:

[12/Oct/2016:14:48:02 +0200] 200 "GET /history.html?monitor.ssl_session_log HTTP/1.1" 444 "https://<applianceIP>/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36" "-" 
[12/Oct/2016:14:48:53 +0200] 200 "GET /download/39796dedfc4741e696d42b3114f19cd4 HTTP/1.1" 55634789 "https://<applianceIP>/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36" "-"

Resolution

Currently, an error is logged to messages file if the returned value is -1 or if the requested write byte count does not match the number of bytes actually written. 

The worst-case scenario observed appears to be that SSL Visibility simply loses some of the data that should have been archived.