How to change AMQP port from 5671 to 443 in RSA NetWitness VLC
Issue
How to change AMQP port to port 443 in RSA NetWitness 11.x
Cause
The customer only allows port 443 as the data communication port from VLC -> Log Decoder, so the AMQP port must be changed. That is the compliance policy for their environment.
Resolution
Follow the steps below to use port 443 instead of port 5671.
SSH to the LC box and update the following entry in iptables.
On the Log Collector box, enable the custom firewall option as described in the following community guide
(https://community.netwitness.com/t5/netwitness-knowledge-base/how-to-add-custom-firewall-rules-after-nwsetup-tui-has-completed/ta-p/5900) and update iptables with the entry below:
- vi /etc/sysconfig/iptables
- -A PREROUTING -p tcp -m multiport --dports 443 -m comment --comment "1 RabbitMQ 5671 to 443" -j REDIRECT --to-ports 5671
- Save the changes
- service iptables restart
- SSH to the VLC, edit the shovel config, and update the port to 443 as shown below.
- vi /etc/rabbitmq/shovel_config
- {addresses,["10.125.246.116:443"]}
- service rabbitmq-server restart
From the Web UI, check that the Shovel status shows green and that logs are being pushed to the LC.
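The following dry-run check is an added example, not part of the original article or of RSA's tooling. It confirms that the redirect rule above sits in the *nat section of an iptables-save style file (the REDIRECT target is only valid in the nat table) and that every shovel address uses port 443. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: offline sanity checks for the two files edited in this article.

# Succeeds only if a "443 -> 5671" REDIRECT rule sits in PREROUTING inside the
# *nat section of an iptables-save style file. Returns 2 if the rule exists but
# was pasted under another table (for example *filter), 1 if it is absent.
check_nat_redirect() {
    awk '
        /^\*/     { table = substr($1, 2) }   # section header: *nat, *filter, ...
        /^COMMIT/ { table = "" }
        /^-A PREROUTING / && /-j REDIRECT/ && /--to-ports 5671/ {
            if (($0 " ") ~ /--dports? ([0-9]+,)*443[, ]/) {
                if (table == "nat") ok = 1; else misplaced = 1
            }
        }
        END { if (ok) exit 0; if (misplaced) exit 2; exit 1 }
    ' "$1"
}

# Prints the port of every "host:port" string on an {addresses,[...]} line.
shovel_ports() {
    grep -E '\{[[:space:]]*addresses[[:space:]]*,' "$1" |
        grep -oE '"[^"]+:[0-9]+"' | sed -E 's/.*:([0-9]+)"$/\1/'
}

# Succeeds only if at least one address is configured and all use port 443.
check_shovel_port() {
    ports=$(shovel_ports "$1")
    [ -n "$ports" ] && [ -z "$(printf '%s\n' "$ports" | grep -vx 443)" ]
}

# Constructed sample files (not copied from an appliance) for a dry run.
make_samples() {
    printf '%s\n' '*nat' ':PREROUTING ACCEPT [0:0]' \
        '-A PREROUTING -p tcp -m multiport --dports 443 -m comment --comment "1 RabbitMQ 5671 to 443" -j REDIRECT --to-ports 5671' \
        'COMMIT' '*filter' ':INPUT DROP [0:0]' \
        '-A INPUT -p tcp -m multiport --dports 5671 -j ACCEPT' 'COMMIT' > "$1/iptables.good"
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' \
        '-A PREROUTING -p tcp -m multiport --dports 443 -j REDIRECT --to-ports 5671' \
        'COMMIT' > "$1/iptables.misplaced"
    printf '%s\n' '{addresses,["10.125.246.116:443"]}' > "$1/shovel.good"
    printf '%s\n' '{addresses,["10.125.246.116:5671"]}' > "$1/shovel.old"
}
```

Because the redirect happens in PREROUTING, the filter INPUT chain sees the connection on port 5671, so the existing 5671 accept rule on the Log Collector must stay in place.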
Product Details
RSA Product Set: RSA NetWitness Platform
RSA Product/Service Type: Core Appliance
RSA Version/Condition: 11.x
Platform: CentOS 7