Netwitness Remote Log Collector PUSH configuration has shovel failed error in 11.7

Issue

Netwitness Remote Log Collector PUSH configuration in UI->Remote Log Collector->Config->Local Collectors page has shovel failed error with below errors.

/var/log/rabbitmq/rabbit@ .log

 022-09-21 06:36:26.080 [error] <0.27076.29> failed to connect to Host: "e123af12-2536-4548-b7dc-b4f86231476b" Port: undefined VirtualHost: <<"logcollection">>: error:{badmatch,{error,{tls_alert,{certificate_expired,"TLS client: In state certify at ssl_handshake.erl:1967 generated CLIENT ALERT: Fatal - Certificate Expired\n"}}}}
 
2022-09-21 06:36:26.080 [error] <0.27076.29> nw_shovel_worker:init failed: error With reason: {badmatch,{error,{badmatch,{error,{tls_alert,{certificate_expired,"TLS client: In state certify at ssl_handshake.erl:1967 generated CLIENT ALERT: Fatal - Certificate Expired\n"}}}}}}! Retrying in 60.0 seconds.

Cause

This issue is due to broken trust between Log Collector and Remote Log Collector.

Resolution

Please follow the below steps in Log Collector and Remote Log Collector to re-establish the trust communication.

Run the below commands to backup existing trust certificates.

cd /etc/pki/nw
mv trust trustbackup

Run the below recipe to regenerate the trust directory.

chef-client -r "recipe[nw-pki::truststores]" --config /var/lib/netwitness/config-management/client.rb --json-attributes /etc/netwitness/config-management/node.json

Set the correct ownership of generated trust directory.

cd /etc/pki/nw
chown -R netwitness:nwpki trust

Refresh UI->Remote Log Collector->Config->Local Collectors page to see shovel failed error cleared.

Product Details

RSA Product Set: RSA NetWitness Platform
RSA Product/Service Type: Core Appliance
RSA Version/Condition: 11.7.1.1
Platform: CentOS
O/S Version: 7

Summary

This document outlines the procedure to Re-establish the trust between Log Collector and Remote Log Collector.

Approval Reviewer Queue

Technical approval queue