Can one explain please
How to define alert based on % of unsuccesful ssl handshakes
I see such metric in report designer and composed chart for it, but i do not see such metric in alert wizard. It only provides several ssl error metrics in counted values or connection related in seconds but not handshake errors related in %. And i unable to figure out total ssl handshake metric to compose formula calculation.
Kind thanks and regards, Igor
Let's not look at the world through dark shades. Only slightly dimmed:-)
As of today (NAM 2018), you can create an alert based on "availability (transport)" metric. This metric shows percentage of successful operation attempts on e.g. software service level, counting failures when transport layer failure has been spotted. Transport failures are those which occurred on layers of SSL and HTTP. So if you define a software service for which you use SSL non-decrypting decode, your transport failures will equal the number of SSL failures. Handshake failure is one of those SSL failures, abrupt SSL session termination (because of SSL stack fail) is another.
End of it all, there is a way to track percentage of handshake failures by manipulating the decode configuration. It's not elegant, but can be done. Perhaps it could help.
In a short term (upcoming service packs), developers will analyze possibility of adding to alert configuration the metric that reveals number of failed handshakes. This would add possibility of withering availability (transport) alarms by number of failed handshakes >0. Still not a direct %handshake failures, but a bit closer: software service/decode configuration tweaking won't be required.
For the farther horizon, we will look at possibility of extending SSL handshake operation reporting to include number of failures - this could be the ideal solution (if it proved to be technically feasible; we don't know yet). In this case we would report failures, percentage of these, together with an information on which cipher negotiation failed. But we don't know yet if and when would this be doable.