This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Knowledge Base
Find answers to your questions and identify resolutions for known issues with knowledge base articles written by NetWitness experts.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Netwitness Remote Log collector PUSH configuration fails with Connection reset by peer

Article Number

000002094

Applies To

RSA Product Set: RSA NetWitness Platform
RSA Product/Service Type: Core Appliance
RSA Version/Condition: 11.7.X
Platform: CentOS
O/S Version: 7

Issue

Adding PUSH configuration in Remote Collector->Config->Local Collectors Tab fails with the below error. 
failed to add destination for "LCNAME": "HttpOps: GET : SSL connection error: Connection reset by peer"
/var/log/rabbitmq/rabbitmq@<nodeid>.log shows below error. 
2022-07-13 07:02:08.074 [error] <0.5580.0> failed to connect to Host: "450e5369-f918-4e65-a686-a3b55233ff74" Port: undefined VirtualHost: <<"logcollection">>: error:{badmatch,{error,{tls_alert,{unknown_ca,"TLS client: In state cipher received SERVER ALERT: Fatal - Unknown CA\n"}}}}
2022-07-13 07:02:08.074 [error] <0.5580.0> nw_shovel_worker:init failed: error With reason: {badmatch,{error,{badmatch,{error,{tls_alert,{unknown_ca,"TLS client: In state cipher received SERVER ALERT: Fatal - Unknown CA\n"}}}}}}! Retrying in 60.0 seconds.
2022-07-13 07:02:08.086 [info] <0.5990.0> TLS client: In state cipher received SERVER ALERT: Fatal - Unknown CA
2022-07-13 07:02:08.086 [info] <0.5981.0> TLS client: In state cipher received SERVER ALERT: Fatal - Unknown CA

Cause

This issue is due to incorrect ownership of /etc/netwitness/ng/rabbitmq/ssl/ contents.
 

Resolution

Please change ownership files to rabbitmq:rabbitmq using the below steps.
  • Login to putty of Remote collector.
  • Update the ownerships of the files using the below commands.
chown -h rabbitmq:rabbitmq /etc/netwitness/ng/rabbitmq/ssl/truststore.pem
chown -h rabbitmq:rabbitmq /etc/netwitness/ng/rabbitmq/ssl/keys/cert.pem
chown -h rabbitmq:rabbitmq /etc/netwitness/ng/rabbitmq/ssl/keys/privkey.pem

expected ownership of files: 
# pwd
/etc/netwitness/ng/rabbitmq/ssl

# ls -l *
lrwxrwxrwx. 1 rabbitmq rabbitmq 32 Jun  2 03:07 truststore.pem -> /etc/rabbitmq/ssl/truststore.pem

keys:
total 0
lrwxrwxrwx. 1 rabbitmq rabbitmq 33 Jun  2 03:07 cert.pem -> /etc/rabbitmq/ssl/server/cert.pem
lrwxrwxrwx. 1 rabbitmq rabbitmq 32 Jun  2 03:07 privkey.pem -> /etc/rabbitmq/ssl/server/key.pem
  • Restart rabbitmq and collector services using the below commands.
systemctl restart rabbtimq-server
systemctl restart nwlogcollector
  • PUSH configuration will be successful now in the Remote Log collector.
Was this article helpful? Yes No
No ratings

In this article

Version history
Last update:
‎2022-07-25 07:39 PM
Updated by:
Administrator Administrator

Related Content

© 2022 RSA Security LLC or its affiliates. All rights reserved.