Netwitness Remote Log Collector PUSH configuration has shovel failed error in 11.7
Article Number
000002119
Applies ToApplies To
RSA Product Set: RSA NetWitness Platform
RSA Product/Service Type: Core Appliance
RSA Version/Condition: 11.7.1.1
Platform: CentOS
O/S Version: 7
IssueRSA Product/Service Type: Core Appliance
RSA Version/Condition: 11.7.1.1
Platform: CentOS
O/S Version: 7
Issue
Netwitness Remote Log Collector PUSH configuration in UI->Remote Log Collector->Config->Local Collectors page has shovel failed error with below errors.
/var/log/rabbitmq/rabbit@<UUID>.log
Cause/var/log/rabbitmq/rabbit@<UUID>.log
022-09-21 06:36:26.080 [error] <0.27076.29> failed to connect to Host: "e123af12-2536-4548-b7dc-b4f86231476b" Port: undefined VirtualHost: <<"logcollection">>: error:{badmatch,{error,{tls_alert,{certificate_expired,"TLS client: In state certify at ssl_handshake.erl:1967 generated CLIENT ALERT: Fatal - Certificate Expired\n"}}}} 2022-09-21 06:36:26.080 [error] <0.27076.29> nw_shovel_worker:init failed: error With reason: {badmatch,{error,{badmatch,{error,{tls_alert,{certificate_expired,"TLS client: In state certify at ssl_handshake.erl:1967 generated CLIENT ALERT: Fatal - Certificate Expired\n"}}}}}}! Retrying in 60.0 seconds.
Cause
This issue is due to broken trust between Log Collector and Remote Log Collector.
ResolutionResolution
Please follow the below steps in Log Collector and Remote Log Collector to re-establish the trust communication.
- Run the below commands to backup existing trust certificates.
cd /etc/pki/nw
mv trust trustbackup
mv trust trustbackup
- Run the below recipe to regenerate the trust directory.
chef-client -r "recipe[nw-pki::truststores]" --config /var/lib/netwitness/config-management/client.rb --json-attributes /etc/netwitness/config-management/node.json
- Set the correct ownership of generated trust directory.
cd /etc/pki/nw
chown -R netwitness:nwpki trust
chown -R netwitness:nwpki trust
- Refresh UI->Remote Log Collector->Config->Local Collectors page to see shovel failed error cleared.
TagsTags (46)
- 11.7
- 11.7.x
- 11.x
- Appliance
- Break Fix
- Break Fix Issue
- Broken
- Config
- Config Error
- Configuration
- Configuration Error
- Configuration Help
- Configuration Issue
- Configuration Problem
- Configuring Issue
- Configuring Problem
- Core Appliance
- Customer Support Article
- Error
- Error Configuring
- Error During Configuration
- Error Message
- Issue
- Issue Configuring
- Issues
- KB Article
- Knowledge Article
- Knowledge Base
- Log Collection
- Log Collector
- NetWitness
- NetWitness Appliance
- NetWitness Platform
- NW
- NW Appliance
- NwLogCollector
- Problem
- RSA NetWitness
- RSA NetWitness Platform
- RSA Security Analytics
- Security Analytics
- Setup Issue
- SIEM
- Version 11.7
- Version 11.7.x
- Version 11.x