Article Number
000002119
Applies To
RSA Product Set: RSA NetWitness Platform
RSA Product/Service Type: Core Appliance
RSA Version/Condition: 11.7.1.1
Platform: CentOS
O/S Version: 7
Issue
Netwitness Remote Log Collector PUSH configuration in
UI->Remote Log Collector->Config->Local Collectors page has shovel failed error with below errors.
/var/log/rabbitmq/rabbit@<UUID>.log
022-09-21 06:36:26.080 [error] <0.27076.29> failed to connect to Host: "e123af12-2536-4548-b7dc-b4f86231476b" Port: undefined VirtualHost: <<"logcollection">>: error:{badmatch,{error,{tls_alert,{certificate_expired,"TLS client: In state certify at ssl_handshake.erl:1967 generated CLIENT ALERT: Fatal - Certificate Expired\n"}}}}
2022-09-21 06:36:26.080 [error] <0.27076.29> nw_shovel_worker:init failed: error With reason: {badmatch,{error,{badmatch,{error,{tls_alert,{certificate_expired,"TLS client: In state certify at ssl_handshake.erl:1967 generated CLIENT ALERT: Fatal - Certificate Expired\n"}}}}}}! Retrying in 60.0 seconds.Cause
This issue is due to broken trust between Log Collector and Remote Log Collector.
Resolution
Please follow the below steps in Log Collector and Remote Log Collector to re-establish the trust communication.
- Run the below commands to backup existing trust certificates.
cd /etc/pki/nw
mv trust trustbackup
- Run the below recipe to regenerate the trust directory.
chef-client -r "recipe[nw-pki::truststores]" --config /var/lib/netwitness/config-management/client.rb --json-attributes /etc/netwitness/config-management/node.json
- Set the correct ownership of generated trust directory.
cd /etc/pki/nw
chown -R netwitness:nwpki trust
- Refresh UI->Remote Log Collector->Config->Local Collectors page to see shovel failed error cleared.
