.png?width=180&height=32&name=NW%20Logo%20(2).png){kind=small}
Issue
Unable to log into account on Admin UIMessage: The server could not be reached. Contact your system admin.
Cause
Orphaned im.saim_incident_queue could accumulate messages overtime causing overload to rabbitmq service and instability in NetWitness admin server.From NW 11.x, the integration has changed where this message queue is no longer in used. In NW 10.x, it was used to listen to messages pushed from UCF to NetWitness.
It is advised to purge the queue periodically until appropriate changes is released in future versions.
Sample output
# rabbitmqctl list_queues -p /rsa/system messages name consumers
30094 im.saim_incident_queue 0
30094 im.saim_incident_queue 0
Resolution
Run updateCrontabWithQueuePurgeJob.sh which adds scheduled queue purging daily at 00:00
# chmod 755 updateCrontabWithQueuePurgeJob.sh
# ./updateCrontabWithQueuePurgeJob.sh
# crontab -l to verify new
# ./updateCrontabWithQueuePurgeJob.sh
# crontab -l to verify new
If you are unsure about any of the steps above or experience any issues, contact RSA Support and quote this article ID.
Product Details
RSA Product Set: NetWitness PlatformRSA Product/Service Type: NetWitness Platform/Nw Admin Server
RSA Version/Condition: 11.x
Platform: CentOS
O/S Version: EL7
Approval Reviewer Queue
RSA NetWitness Suite Approval Queue