.png?width=180&height=32&name=NW%20Logo%20(2).png){kind=small}
Issue
The Security Analytics Local Log Collector is failing to send events to the Log DecoderReceived below errors in /var/log/message
An error occurred publishing to an AMQP channel: NO_ROUTE, exchange: windows, routing key: windows
Aug 29 09:41:53 LDecoder collectd[2642]: NgNativeReader_NwLogCollector-NormalUpdate:
/event-processors/logdecoder/stats/eventsources/total_failed_executions:
path not longer exists in service
/event-processors/logdecoder/stats/eventsources/total_failed_executions:
path not longer exists in service
Cause
This issue is caused if there is no destination decoder set in Event Destinations.
Resolution
To resolve the issue, follow the steps below- In the Security Analytics UI, navigate to Administration -> Services.
- Select the Local Log Collector service and click on the View -> Config button.
- Select the Event Destinations tab
- Check destination decoder is present or stopped
- If stopped start and check the status
- If not presented, add decoder as below
Product Details
RSA Product Set: NetWitness Logs & NetworkRSA Product/Service Type: SA Security Analytics Server/ Log Collector
RSA Version/Condition: 10.4.x,10.5.x,10.6.x, 11.x
Platform: CentOS
O/S Version: EL6, EL7
Approval Reviewer Queue
RSA NetWitness Suite Approval Queue