This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
NetWitness Knowledge Base
Find answers to your questions and identify resolutions for known issues with knowledge base articles written by NetWitness experts.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- NetWitness Community
- Knowledge Base
- Health & Wellness status alarm "LogCollector Event Processor Exchange Bindings" will not clear in RS...
-
Options
- Subscribe to RSS Feed
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
Health & Wellness status alarm "LogCollector Event Processor Exchange Bindings" will not clear in RSA Security Analytics
Article Number
000002004
Applies To
RSA Product Set: NetWitness Logs & Network, Security Analytics
RSA Product/Service Type: User Interface, Security Analytics Server, Log Collector
RSA Version/Condition: 10.6.3.x, 10.6.4.x
RSA Product/Service Type: User Interface, Security Analytics Server, Log Collector
RSA Version/Condition: 10.6.3.x, 10.6.4.x
Issue
Health & Wellness Alarm - LogCollector Event Processor Exchange Bindings with a value of “Unbounded Exchanges: windowslegacy” will not clear.
Resolution
Perform below steps to delete the windowslegacy exchange from the VLC using the rabbitmqadmin.py script.
- Connect to the VLC via SSH and navigate to the /opt/netwitness/bin directory.
#cd /opt/netwitness/bin - Verify that the windowslegacy exchangeexists on the VLC using the rabbitmqadmin.py script.
#./rabbitmqadmin.py -P 15671 -s -V logcollection list exchanges Sample output: +---------------+--------------------+---------+-------------+---------+----------+ | vhost | name | type | auto_delete | durable | internal | +---------------+--------------------+---------+-------------+---------+----------+ | logcollection | | direct | False | True | False | | logcollection | amq.direct | direct | False | True | False | | logcollection | amq.fanout | fanout | False | True | False | | logcollection | amq.headers | headers | False | True | False | | logcollection | amq.match | headers | False | True | False | | logcollection | amq.rabbitmq.trace | topic | False | True | True | | logcollection | amq.topic | topic | False | True | False | | logcollection | checkpoint | direct | False | True | False | | logcollection | cmdscript | direct | False | True | False | | logcollection | file | direct | False | True | False | | logcollection | netflow | direct | False | True | False | | logcollection | odbc | direct | False | True | False | | logcollection | rabbitmq.log | direct | False | True | False | | logcollection | sdee | direct | False | True | False | | logcollection | snmptrap | direct | False | True | False | | logcollection | syslog | direct | False | True | False | | logcollection | vmware | direct | False | True | False | | logcollection | windows | direct | False | True | False | | logcollection | windowslegacy | direct | False | True | False | +---------------+--------------------+---------+-------------+---------+----------+ - Remove the windowslegacy exchange using the script.
#./rabbitmqadmin.py -P 15671 -s -V logcollection delete exchange name=windowslegacy - Run the list exchanges command again to verify that no additional windowslegacy exchange entries are found.
#./rabbitmqadmin.py -P 15671 -s -V logcollection list exchanges +---------------+--------------------+---------+-------------+---------+----------+ | vhost | name | type | auto_delete | durable | internal | +---------------+--------------------+---------+-------------+---------+----------+ | logcollection | | direct | False | True | False | | logcollection | amq.direct | direct | False | True | False | | logcollection | amq.fanout | fanout | False | True | False | | logcollection | amq.headers | headers | False | True | False | | logcollection | amq.match | headers | False | True | False | | logcollection | amq.rabbitmq.trace | topic | False | True | True | | logcollection | amq.topic | topic | False | True | False | | logcollection | checkpoint | direct | False | True | False | | logcollection | cmdscript | direct | False | True | False | | logcollection | file | direct | False | True | False | | logcollection | netflow | direct | False | True | False | | logcollection | odbc | direct | False | True | False | | logcollection | rabbitmq.log | direct | False | True | False | | logcollection | sdee | direct | False | True | False | | logcollection | snmptrap | direct | False | True | False | | logcollection | syslog | direct | False | True | False | | logcollection | vmware | direct | False | True | False | | logcollection | windows | direct | False | True | False | +---------------+--------------------+---------+-------------+---------+----------+
Notes
- Make sure this alarm is from a VLC.
- This method can also apply to other collection exchanges that do not have any bindings. Simply change the exchange name in the delete command.
For example, to delete the syslog exchange you would issue the command below../rabbitmqadmin.py -P 15671 -s -V logcollection delete exchange name=syslog
No ratings
