This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject

NetWitness Community

  • Home
  • Products
    • NetWitness Platform
      • Advisories
      • Documentation
        • Platform Documentation
        • Known Issues
        • Security Fixes
        • Hardware Documentation
        • Threat Content
        • Unified Data Model
        • Videos
      • Downloads
      • Integrations
      • Knowledge Base
    • NetWitness Cloud SIEM
      • Advisories
      • Documentation
      • Knowledge Base
    • NetWitness Detect AI
      • Advisories
      • Documentation
      • Knowledge Base
    • NetWitness Investigator
    • NetWitness Orchestrator
      • Advisories
      • Documentation
      • Knowledge Base
      • Legacy NetWitness Orchestrator
        • Advisories
        • Documentation
  • Community
    • Blog
    • Discussions
    • Events
    • Idea Exchange
  • Support
    • Case Portal
      • Create New Case
      • View My Cases
      • View My Team's Cases
    • Community Support
      • Getting Started
      • News & Announcements
      • Community Support Forum
      • Community Support Articles
    • Product Life Cycle
    • Support Information
    • General Security Advisories
  • Training
    • Blog
    • Certification Program
    • Course Catalog
      • Netwitness XDR
      • EC-Council Training
    • New Product Readiness
    • On-Demand Subscriptions
    • Student Resources
    • Upcoming Events
    • Role-Based Training
  • Technology Partners
  • Trust Center
Sign InRegister Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Knowledge Base
Find answers to your questions and identify resolutions for known issues with knowledge base articles written by NetWitness experts.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
  • NetWitness Community
  • Knowledge Base
  • Netwitness Remote Log Collector PUSH configuration has shovel failed error in 11.7
  • Options
    • Subscribe to RSS Feed
    • Bookmark
    • Subscribe
    • Printer Friendly Page
    • Report Inappropriate Content

Netwitness Remote Log Collector PUSH configuration has shovel failed error in 11.7

Article Number

000002119

Applies To

RSA Product Set: RSA NetWitness Platform
RSA Product/Service Type: Core Appliance
RSA Version/Condition: 11.7.1.1
Platform: CentOS
O/S Version: 7

Issue

Netwitness Remote Log Collector PUSH configuration in UI->Remote Log Collector->Config->Local Collectors page has shovel failed error with below errors.

/var/log/rabbitmq/rabbit@<UUID>.log
022-09-21 06:36:26.080 [error] <0.27076.29> failed to connect to Host: "e123af12-2536-4548-b7dc-b4f86231476b" Port: undefined VirtualHost: <<"logcollection">>: error:{badmatch,{error,{tls_alert,{certificate_expired,"TLS client: In state certify at ssl_handshake.erl:1967 generated CLIENT ALERT: Fatal - Certificate Expired\n"}}}}
2022-09-21 06:36:26.080 [error] <0.27076.29> nw_shovel_worker:init failed: error With reason: {badmatch,{error,{badmatch,{error,{tls_alert,{certificate_expired,"TLS client: In state certify at ssl_handshake.erl:1967 generated CLIENT ALERT: Fatal - Certificate Expired\n"}}}}}}! Retrying in 60.0 seconds.

Cause

This issue is due to broken trust between Log Collector and Remote Log Collector.

Resolution

Please follow the below steps in Log Collector and Remote Log Collector to re-establish the trust communication.
  • Run the below commands to backup existing trust certificates.
cd /etc/pki/nw
mv trust trustbackup
  • Run the below recipe to regenerate the trust directory.
chef-client -r "recipe[nw-pki::truststores]" --config /var/lib/netwitness/config-management/client.rb --json-attributes /etc/netwitness/config-management/node.json
  • Set the correct ownership of generated trust directory.
cd /etc/pki/nw
chown -R netwitness:nwpki trust
  • Refresh UI->Remote Log Collector->Config->Local Collectors page to see shovel failed error cleared.
Tags (46)
  • 11.7
  • 11.7.x
  • 11.x
  • Appliance
  • Break Fix
  • Break Fix Issue
  • Broken
  • Config
  • Config Error
  • Configuration
  • Configuration Error
  • Configuration Help
  • Configuration Issue
  • Configuration Problem
  • Configuring Issue
  • Configuring Problem
  • Core Appliance
  • Customer Support Article
  • Error
  • Error Configuring
  • Error During Configuration
  • Error Message
  • Issue
  • Issue Configuring
  • Issues
  • KB Article
  • Knowledge Article
  • Knowledge Base
  • Log Collection
  • Log Collector
  • NetWitness
  • NetWitness Appliance
  • NetWitness Platform
  • NW
  • NW Appliance
  • NwLogCollector
  • Problem
  • RSA NetWitness
  • RSA NetWitness Platform
  • RSA Security Analytics
  • Security Analytics
  • Setup Issue
  • SIEM
  • Version 11.7
  • Version 11.7.x
  • Version 11.x
1 Like
Was this article helpful? Yes No
No ratings

In this article

Version history
Last update:
‎2022-11-21 04:13 PM
Updated by:
Administrator nwinfotech Administrator

Related Content

Powered by Khoros
  • Blog
  • Events
  • Discussions
  • Idea Exchange
  • Knowledge Base
  • Case Portal
  • Community Support
  • Product Life Cycle
  • Support Information
  • About the Community
  • Terms & Conditions
  • Privacy Statement
  • Acceptable Use Policy
  • Employee Login
© 2022 RSA Security LLC or its affiliates. All rights reserved.