How to troubleshoot Virtual Log Collector (VLC) connectivity issues with the RSA Security Analytics Log Collector
Issue
How to troubleshoot Virtual Log Collector (VLC) connectivity issues with the RSA Security Analytics Log Collector.
Resolution
When there is a connectivity issue between a Virtual Log Collector (VLC) and a Log Collector, use the steps below to check that the communication and the certificate are valid for the connection between these two hosts.
Steps to perform:
1 - Connect to the Virtual Log Collector (VLC) via SSH using the root user:
2 - cd /etc/netwitness/ng/rabbitmq
3 - openssl s_client -connect ip_address_of_the_LC:5671 -key ssl/keys/privkey.pem -cert ssl/keys/cert.pem -CAfile ssl/truststore.pem
Note that "ip_address_of_the_LC" should be the IP address of the VLC you are trying to send the logs to using the pulling method from the Local Collector.
If the connection is successful, the last lines of the output look like the following and should end with "Verify return code: 0 (ok)":
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
Session-ID: VE900C1AYHG69C4FB64DD7353BC26B45DA57E6F7629C5ED835CCD3ED3F8303BF
Session-ID-ctx:
Master-Key: N009V6A9486305P90LK01C94C93611B3B7F7DTYHG6789O0168091F902F9C20B492834123EFDD56TG9989OPL0001SWA56
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
Start Time: 1400258247
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
closed
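The check in step 3 can be scripted so that the result is taken from the verify return code rather than read by eye. This is an added example, not part of the original article or of RSA's tooling: the function names are hypothetical, the directory, file paths and port are the ones from steps 2 and 3, and the `-checkend` expiry test on the client certificate is an addition.

```shell
#!/bin/sh
# Added example: scripted form of the step 3 check (function names are hypothetical).
RMQ_DIR=/etc/netwitness/ng/rabbitmq   # directory from step 2
RMQ_PORT=5671                         # port from step 3

# Read s_client output on stdin and print the numeric verify return code.
# Prints nothing when no "Verify return code" line exists (no TLS session).
verify_code() {
    sed -n 's/^ *Verify return code: \([0-9][0-9]*\).*/\1/p' | tail -n 1
}

# Classify s_client output read from stdin.
# Returns 0 = chain verified, 1 = verification error, 2 = handshake never completed.
classify_handshake() {
    vcode=$(verify_code)
    if [ -z "$vcode" ]; then
        echo "NO_HANDSHAKE"; return 2
    elif [ "$vcode" -eq 0 ]; then
        echo "OK"; return 0
    else
        echo "VERIFY_FAILED:$vcode"; return 1
    fi
}

# Run the check from the VLC against one Log Collector IP: check_lc <ip>
# The body is a subshell so the caller's working directory is left unchanged.
check_lc() (
    cd "$RMQ_DIR" || { echo "MISSING_DIR:$RMQ_DIR"; return 2; }
    # Added check: confirm the client certificate has not already expired.
    openssl x509 -noout -checkend 0 -in ssl/keys/cert.pem >/dev/null ||
        { echo "CLIENT_CERT_EXPIRED"; return 1; }
    # </dev/null makes s_client exit once the handshake has finished.
    openssl s_client -connect "$1:$RMQ_PORT" \
        -key ssl/keys/privkey.pem -cert ssl/keys/cert.pem \
        -CAfile ssl/truststore.pem </dev/null 2>&1 | classify_handshake
)
```

Source the file on the VLC and run `check_lc` with the IP address used in step 3; a non-zero exit status together with `VERIFY_FAILED:<code>` points at the certificate chain, while `NO_HANDSHAKE` points at network reachability or the listener on port 5671.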
Internal Comments
UserName:saxonj
6/16/2014 7:25:17 PM - Review Comments - Not Approved.
The article needs review. The commands are not consistent and the fonts used should be Courier New and Bold for any commands the user should enter. Also, the Fact statements do not follow best practice. There are a few simple typographical errors that need to be corrected.
UserName:saxonj
6/16/2014 7:35:36 PM - Suggested Changes
Title: RSA Security Analytics - Virtual Log Collector Troubleshooting
Goal: Use these steps to troubleshoot connectivity between a Virtual Log Collector (VLC) and Log Collector
Fact: RSA Security Analytics – Virtual Log Collector 10.2.x and above
Fact: RSA Security Analytics – Virtual Log Collector 10.3.x and above
Symptom: When there is an issue with connectivity between Virtual Log Collector(VLC) and Log Collector use the following steps to verify communications channels and the certificate are valid between these two hosts.
Fix: Steps to perform:
1 - Connect to the Virtual Log Collector (VLC) via SSH using the root user
2 - Change to the rabbitmq folder cd /etc/netwitness/ng/rabbitmq
3 - openssl s_client -connect
UserName:shurtj
8/13/2014 9:28:45 PM - Updated Article
Updated article and made changes to abide by Primus best practices.
Product Details
RSA Security Analytics
RSA Security Analytics 10.2
RSA Security Analytics 10.3
RSA Security Analytics Log Collector
RSA Security Analytics Virtual Log Collector
RabbitMQ Message Broker
INTERNAL ONLY!!!