Netwitness Remote Log collector PUSH configuration fails with Connection reset by peer
Issue
Adding PUSH configuration in Remote Collector->Config->Local Collectors Tab fails with the below error.
failed to add destination for "LCNAME": "HttpOps: GET : SSL connection error: Connection reset by peer"
/var/log/rabbitmq/rabbitmq@
2022-07-13 07:02:08.074 [error] <0.5580.0> failed to connect to Host: "450e5369-f918-4e65-a686-a3b55233ff74" Port: undefined VirtualHost: <<"logcollection">>: error:{badmatch,{error,{tls_alert,{unknown_ca,"TLS client: In state cipher received SERVER ALERT: Fatal - Unknown CA\n"}}}}
2022-07-13 07:02:08.074 [error] <0.5580.0> nw_shovel_worker:init failed: error With reason: {badmatch,{error,{badmatch,{error,{tls_alert,{unknown_ca,"TLS client: In state cipher received SERVER ALERT: Fatal - Unknown CA\n"}}}}}}! Retrying in 60.0 seconds.
2022-07-13 07:02:08.086 [info] <0.5990.0> TLS client: In state cipher received SERVER ALERT: Fatal - Unknown CA
2022-07-13 07:02:08.086 [info] <0.5981.0> TLS client: In state cipher received SERVER ALERT: Fatal - Unknown CA
Cause
This issue is caused by incorrect ownership of the contents of /etc/netwitness/ng/rabbitmq/ssl/.
Resolution
Change the ownership of the files to rabbitmq:rabbitmq using the steps below.
- Log in to the Remote Collector using PuTTY.
- Update the ownership of the files using the commands below.
chown -h rabbitmq:rabbitmq /etc/netwitness/ng/rabbitmq/ssl/truststore.pem
chown -h rabbitmq:rabbitmq /etc/netwitness/ng/rabbitmq/ssl/keys/cert.pem
chown -h rabbitmq:rabbitmq /etc/netwitness/ng/rabbitmq/ssl/keys/privkey.pem
Expected ownership of the files:
# pwd
/etc/netwitness/ng/rabbitmq/ssl
# ls -l *
lrwxrwxrwx. 1 rabbitmq rabbitmq 32 Jun 2 03:07 truststore.pem -> /etc/rabbitmq/ssl/truststore.pem
keys:
total 0
lrwxrwxrwx. 1 rabbitmq rabbitmq 33 Jun 2 03:07 cert.pem -> /etc/rabbitmq/ssl/server/cert.pem
lrwxrwxrwx. 1 rabbitmq rabbitmq 32 Jun 2 03:07 privkey.pem -> /etc/rabbitmq/ssl/server/key.pem
- Restart rabbitmq and collector services using the below commands.
systemctl restart rabbitmq-server
systemctl restart nwlogcollector
- PUSH configuration will be successful now in the Remote Log collector.
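The check below is an added example, not part of the original article or of NetWitness tooling. It audits the ownership of the three links named in the steps above, reading the link itself (what chown -h changes) rather than its target. The function name check_tls_ownership and its arguments are hypothetical, and GNU stat (as shipped on CentOS 7) is assumed.

```shell
#!/bin/sh
# Added example: audit ownership of the RabbitMQ TLS links from this article.
SSL_DIR_DEFAULT=/etc/netwitness/ng/rabbitmq/ssl
TLS_LINKS="truststore.pem keys/cert.pem keys/privkey.pem"

# check_tls_ownership [dir] [owner:group]   (hypothetical helper)
# Prints one status line per file and returns 0 only when every entry
# exists and is owned as expected.
check_tls_ownership() {
    local dir="${1:-$SSL_DIR_DEFAULT}" want="${2:-rabbitmq:rabbitmq}"
    local rel path have bad=0
    for rel in $TLS_LINKS; do
        path="$dir/$rel"
        # -L is true for a symlink even when its target is gone; -e follows it.
        if [ ! -L "$path" ] && [ ! -e "$path" ]; then
            echo "MISSING  $path"
            bad=$((bad + 1))
            continue
        fi
        # stat without -L reports the link itself, matching chown -h.
        have=$(stat -c '%U:%G' "$path")
        if [ "$have" = "$want" ]; then
            echo "OK       $path ($have)"
        else
            echo "MISMATCH $path is $have, expected $want"
            bad=$((bad + 1))
        fi
        # Informational: the link exists but points at a file that does not.
        [ -e "$path" ] || echo "DANGLING $path -> $(readlink "$path")"
    done
    [ "$bad" -eq 0 ]
}

# Run against the article's directory only when it is present on this host.
if [ -d "$SSL_DIR_DEFAULT" ]; then
    check_tls_ownership || echo "Ownership differs from rabbitmq:rabbitmq"
fi
```

Run it before restarting the services to confirm the chown commands took effect.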
Product Details
RSA Product Set: RSA NetWitness Platform
RSA Product/Service Type: Core Appliance
RSA Version/Condition: 11.7.X
Platform: CentOS
O/S Version: 7
Summary
This document outlines the procedure to set PUSH configuration in the Remote Log Collector.