.png?width=180&height=32&name=NW%20Logo%20(2).png){kind=small}
How to access RabbitMQ command line interfaces in RSA Security Analytics
Issue
You are trying to troubleshoot the state of RabbitMQ but you are not able to access the RabbitMQ UI when following the instructions in the article entitled How to access the RabbitMQ web interface to monitor and troubleshoot the event broker in RSA Security Analytics 000026920 due to a network restriction.Resolution
You can use the following 2 command line interface tools to access and manage RabbitMQ: rabbitmqadmin and rabbitmqctlrabbitmqadmin
You can use this tool to check the messages in the queue, as well as purging the itemsTo check the number of messages in all of the virtual hosts:
[root@rsaaio ~]# rabbitmqadmin --ssl --port=15671 -d 1 list vhosts
+---------------------+----------+----------------+-------------------------+-----------+-----------+---------+
| name | messages | messages_ready | messages_unacknowledged | recv_oct | send_oct | tracing |
+---------------------+----------+----------------+-------------------------+-----------+-----------+---------+
| / | | | | | | False |
| /mcollective | 0 | 0 | 0 | | | False |
| /rsa/im/integration | 2 | 2 | 0 | 925243 | 9326 | False |
| /rsa/sa | 0 | 0 | 0 | 588130 | 587770 | False |
| /rsa/system | 105 | 0 | 105 | 134121965 | 449384779 | False |
| logcollection | 0 | 0 | 0 | 1159959 | 1083616 | False |
+---------------------+----------+----------------+-------------------------+-----------+-----------+---------+
+---------------------+----------+----------------+-------------------------+-----------+-----------+---------+
| name | messages | messages_ready | messages_unacknowledged | recv_oct | send_oct | tracing |
+---------------------+----------+----------------+-------------------------+-----------+-----------+---------+
| / | | | | | | False |
| /mcollective | 0 | 0 | 0 | | | False |
| /rsa/im/integration | 2 | 2 | 0 | 925243 | 9326 | False |
| /rsa/sa | 0 | 0 | 0 | 588130 | 587770 | False |
| /rsa/system | 105 | 0 | 105 | 134121965 | 449384779 | False |
| logcollection | 0 | 0 | 0 | 1159959 | 1083616 | False |
+---------------------+----------+----------------+-------------------------+-----------+-----------+---------+
Run the commands below to purge message from a particular queue. In the example below we are purging the im.archer_incident_queue queue in the /rsa/im/integration virtual host. After that, we run the list vhosts command to determine the messages is back to 0
[root@rsaaio ~]# rabbitmqadmin --ssl --port=15671 --vhost=/rsa/im/integration purge queue name=im.archer_incident_queue
queue purged
[root@rsaaio ~]# rabbitmqadmin --ssl --port=15671 list vhosts
+---------------------+----------+----------------+-------------------------+-----------+-----------+---------+
| name | messages | messages_ready | messages_unacknowledged | recv_oct | send_oct | tracing |
+---------------------+----------+----------------+-------------------------+-----------+-----------+---------+
| / | | | | | | False |
| /mcollective | 0 | 0 | 0 | | | False |
| /rsa/im/integration | 0 | 0 | 0 | 925267 | 9342 | False |
| /rsa/sa | 0 | 0 | 0 | 588138 | 587778 | False |
| /rsa/system | 135 | 0 | 135 | 135287765 | 453559353 | False |
| logcollection | 0 | 0 | 0 | 1159959 | 1083616 | False |
+---------------------+----------+----------------+-------------------------+-----------+-----------+---------+
queue purged
[root@rsaaio ~]# rabbitmqadmin --ssl --port=15671 list vhosts
+---------------------+----------+----------------+-------------------------+-----------+-----------+---------+
| name | messages | messages_ready | messages_unacknowledged | recv_oct | send_oct | tracing |
+---------------------+----------+----------------+-------------------------+-----------+-----------+---------+
| / | | | | | | False |
| /mcollective | 0 | 0 | 0 | | | False |
| /rsa/im/integration | 0 | 0 | 0 | 925267 | 9342 | False |
| /rsa/sa | 0 | 0 | 0 | 588138 | 587778 | False |
| /rsa/system | 135 | 0 | 135 | 135287765 | 453559353 | False |
| logcollection | 0 | 0 | 0 | 1159959 | 1083616 | False |
+---------------------+----------+----------------+-------------------------+-----------+-----------+---------+
rabbitmqctl
This is commonly used to check the status of RabbitMQ service and the list of applications that are running on the service.
[root@rsaaio ~]# rabbitmqctl status
Status of node sa@localhost ...
[{pid,17246},
{running_applications,
[{nw_admin,"RSA Security Analytics Message Broker Management",
"10.6.0.0.14466"},
{rabbitmq_federation_management,"RabbitMQ Federation Management",
"3.4.2"},
{rabbitmq_management,"RabbitMQ Management Console","3.4.2"},
{rabbitmq_web_dispatch,"RabbitMQ Web Dispatcher","3.4.2"},
{webmachine,"webmachine","1.10.3-rmq3.4.2-gite9359c7"},
{mochiweb,"MochiMedia Web Server","2.7.0-rmq3.4.2-git680dba8"},
{rabbitmq_federation,"RabbitMQ Federation","3.4.2"},
{rabbitmq_stomp,"Embedded Rabbit Stomp Adapter","3.4.2"},
{rabbitmq_management_agent,"RabbitMQ Management Agent","3.4.2"},
{rabbit,"RabbitMQ","3.4.2"},
{ssl,"Erlang/OTP SSL application","5.3.2"},
{public_key,"Public key infrastructure","0.21"},
{crypto,"CRYPTO version 2","3.2"},
{asn1,"The Erlang ASN1 compiler version 2.0.4","2.0.4"},
{os_mon,"CPO CXC 138 46","2.2.14"},
{inets,"INETS CXC 138 49","5.9.7"},
{mnesia,"MNESIA CXC 138 12","4.11"},
{amqp_client,"RabbitMQ AMQP Client","3.4.2"},
{rabbitmq_auth_mechanism_ssl,
"RabbitMQ SSL authentication (SASL EXTERNAL)","3.4.2"},
{xmerl,"XML parser","1.3.5"},
{sasl,"SASL CXC 138 11","2.3.4"},
{stdlib,"ERTS CXC 138 10","1.19.4"},
{kernel,"ERTS CXC 138 10","2.16.4"}]},
{os,{unix,linux}},
{erlang_version,
"Erlang R16B03 (erts-5.10.4) [source] [64-bit] [smp:2:2] [async-threads:30] [kernel-poll:true]\n"},
{memory,
[{total,99859472},
{connection_readers,694256},
{connection_writers,366568},
{connection_channels,2228504},
{connection_other,2077656},
{queue_procs,3435128},
{queue_slave_procs,0},
{plugins,2721544},
{other_proc,14042232},
{mnesia,378816},
{mgmt_db,3491872},
{msg_index,3087616},
{other_ets,4404416},
{binary,34387456},
{code,22434426},
{atom,801697},
{other_system,5307285}]},
{alarms,[]},
{listeners,
[{clustering,25672,"::"},
{amqp,5672,"127.0.0.1"},
{'amqp/ssl',5671,"::"},
{'stomp/ssl',61614,"::"}]},
{vm_memory_high_watermark,0.4},
{vm_memory_limit,10079500697},
{disk_free_limit,52363733840},
{disk_free,239272660992},
{file_descriptors,
[{total_limit,8092},
{total_used,61},
{sockets_limit,7280},
{sockets_used,56}]},
{processes,[{limit,1048576},{used,1191}]},
{run_queue,0},
{uptime,8945}]
[root@rsaaio ~]#
Status of node sa@localhost ...
[{pid,17246},
{running_applications,
[{nw_admin,"RSA Security Analytics Message Broker Management",
"10.6.0.0.14466"},
{rabbitmq_federation_management,"RabbitMQ Federation Management",
"3.4.2"},
{rabbitmq_management,"RabbitMQ Management Console","3.4.2"},
{rabbitmq_web_dispatch,"RabbitMQ Web Dispatcher","3.4.2"},
{webmachine,"webmachine","1.10.3-rmq3.4.2-gite9359c7"},
{mochiweb,"MochiMedia Web Server","2.7.0-rmq3.4.2-git680dba8"},
{rabbitmq_federation,"RabbitMQ Federation","3.4.2"},
{rabbitmq_stomp,"Embedded Rabbit Stomp Adapter","3.4.2"},
{rabbitmq_management_agent,"RabbitMQ Management Agent","3.4.2"},
{rabbit,"RabbitMQ","3.4.2"},
{ssl,"Erlang/OTP SSL application","5.3.2"},
{public_key,"Public key infrastructure","0.21"},
{crypto,"CRYPTO version 2","3.2"},
{asn1,"The Erlang ASN1 compiler version 2.0.4","2.0.4"},
{os_mon,"CPO CXC 138 46","2.2.14"},
{inets,"INETS CXC 138 49","5.9.7"},
{mnesia,"MNESIA CXC 138 12","4.11"},
{amqp_client,"RabbitMQ AMQP Client","3.4.2"},
{rabbitmq_auth_mechanism_ssl,
"RabbitMQ SSL authentication (SASL EXTERNAL)","3.4.2"},
{xmerl,"XML parser","1.3.5"},
{sasl,"SASL CXC 138 11","2.3.4"},
{stdlib,"ERTS CXC 138 10","1.19.4"},
{kernel,"ERTS CXC 138 10","2.16.4"}]},
{os,{unix,linux}},
{erlang_version,
"Erlang R16B03 (erts-5.10.4) [source] [64-bit] [smp:2:2] [async-threads:30] [kernel-poll:true]\n"},
{memory,
[{total,99859472},
{connection_readers,694256},
{connection_writers,366568},
{connection_channels,2228504},
{connection_other,2077656},
{queue_procs,3435128},
{queue_slave_procs,0},
{plugins,2721544},
{other_proc,14042232},
{mnesia,378816},
{mgmt_db,3491872},
{msg_index,3087616},
{other_ets,4404416},
{binary,34387456},
{code,22434426},
{atom,801697},
{other_system,5307285}]},
{alarms,[]},
{listeners,
[{clustering,25672,"::"},
{amqp,5672,"127.0.0.1"},
{'amqp/ssl',5671,"::"},
{'stomp/ssl',61614,"::"}]},
{vm_memory_high_watermark,0.4},
{vm_memory_limit,10079500697},
{disk_free_limit,52363733840},
{disk_free,239272660992},
{file_descriptors,
[{total_limit,8092},
{total_used,61},
{sockets_limit,7280},
{sockets_used,56}]},
{processes,[{limit,1048576},{used,1191}]},
{run_queue,0},
{uptime,8945}]
[root@rsaaio ~]#
Here are some of the key things you can take attention to:
- running_applications
- nw_admin: This is the API application for SA to connect to RabbitMQ
[{nw_admin,"RSA Security Analytics Message Broker Management",
"10.6.0.0.14466"}, - rabbitmq: The running of the amqp server used for message exchange
{rabbit,"RabbitMQ","3.4.2"},
- amqp_client: The running of the amqp client used for message exchange
{amqp_client,"RabbitMQ AMQP Client","3.4.2"},
- Listeners: These are the protocols serviced by RabbitMQ and the ports used. Ensure amqp/ssl is open with port 5671
{listeners,
[{clustering,25672,"::"},
{amqp,5672,"127.0.0.1"},
{'amqp/ssl',5671,"::"},
{'stomp/ssl',61614,"::"}]},
{vm_memory_high_watermark,0.4},
Internal Comments
Jay Kisner -- 10 Mar 2017Switched article to internal as we don't generally want customers accessing the internal queues of RabbitMQ.
Product Details
RSA Product Set: Security Analytics, NetWitness Logs & PacketsRSA Product/Service Type: Packet Decoder, Log Decoder, Concentrator, Archiver, ESA, Broker, Security Analytics Server
RSA Version/Condition: 10.4.x,10.5.x,10.6.x
Platform: CentOS
O/S Version: EL6
Approval Reviewer Queue
RSA NetWitness Suite Approval Queue