Symptom
When performing a search for connection events having SSL Failure Reason as 'Decryption Error' there will be no results even though in the Dashboard->Connection Summary->SSL->SSL Decryption Failure Reasons the 'Decryption Error' counter is non-zero.
Conditions
A SSL policy with Decrypt-Resign is applied and traffic matches the policy.
Further Problem Description
Brief investigations show that the likely cause is missing decryption error entries in rna_flow_stats_* while the ssl_stats_* tables are populated correctly with decryption error stats. This may explain the non-zero counters in the dashboard and zero results of the connection events.
select count(decryption_error) from ssl_stats_day_1609891200_0;
+-------------------------+
| count(decryption_error) |
+-------------------------+
| 8 |
+-------------------------+
1 row in set (0.00 sec)
mysql> select count(*) from rna_flow_stats_1607689200_0 where ssl_flow_status=10;
+----------+
| count(*) |
+----------+
| 0 |
+----------+
1 row in set (1.10 sec)
select count(*) from rna_flow_stats_1609095060_0 where ssl_flow_status=10;
+----------+
| count(*) |
+----------+
| 0 |
+----------+
1 row in set (0.65 sec)
select * from ssl_flow_status;
+----+----------------------------------------------+---------------------+
| id | name | last_mod |
+----+----------------------------------------------+---------------------+
| 3 | Uncached Session | 2020-12-09 10:02:30 |
| 9 | Handshake Error | 2020-12-09 10:02:30 |
| 10 | Decryption Error | 2020-12-09 10:02:30 |
