Skip to content
  • There are no suggestions because the search field is empty.

NetWitness Remote Log Collector PUSH configuration fails with 406 Response

Issue

Post update of Remote Collector, the PUSH configuration disappears in Remote Collector->Config->Local Collectors Tab. 

Collector has staled queues without consumers as below.
 
# rabbitmqctl list_queues -p logcollection consumers messages name
Timeout: 60.0 seconds ...
Listing queues for vhost logcollection ...
consumers messages name
0 0 shovel.windows.SIEMDEC05
0 7195 shovel.syslog.SIEMDEC05
0 33270 shovel.file.SIEMDEC05
1 0 rabbitmq.log

Adding PUSH configuration in  Remote Collector->Config->Local Collectors Tab fails with the below error.


failed to add destination for "SIEMDEC05": "HttpOps: 127.0.0.1:15671/api/nw/shovel/destinations/SIEMDEC05:GET: Response returned with status code: 406 Response: "

Cause

This issues is due to nw_admin plugin missing in Remote Collector /etc/rabbitmq/enabled_plugins file.
 
# cat /etc/rabbitmq/enabled_plugins
[rabbitmq_auth_mechanism_ssl,rabbitmq_federation,rabbitmq_federation_management,rabbitmq_management,rabbitmq_shovel,rabbitmq_shovel_management].

Resolution

  • Pleas edit /etc/rabbitmq/enabled_plugins file in Remote collector to add nw_admin as below.
[ nw_admin,rabbitmq_auth_mechanism_ssl,rabbitmq_federation,rabbitmq_federation_management,rabbitmq_management,rabbitmq_shovel,rabbitmq_shovel_management].
  • Restart rabbitmq-server service using the below command.
systemctl restart rabbitmq-server.service
  • Try adding PUSH configuration in Remote Collector->Config->Local Collectors Tab which will be successful now.

Product Details

RSA Product Set: RSA NetWitness Platform
RSA Product/Service Type: Core Appliance
RSA Version/Condition: 11.5.1.0
Platform: CentOS
O/S Version: 7

Summary

This document fixes the error to set PUSH configuration.


Approval Reviewer Queue

RSA NetWitness Suite Approval Queue