RSA Security Analytics Log Collector displays duplicate queues
Issue
RSA Security Analytics Log Collector displays duplicate queues. At least one queue exists that does not have any consumers.
Cause
This condition may arise because the Log Collector is not currently running or parts of the system have been shut down.
In some cases, this condition may arise because a queue consumer (such as an event processor or VLC connection) was removed outside of the normal course of operation.
Resolution
If this warning message persists and you are certain there are no legitimate consumers of these queues, you may delete them via the RSA Security Analytics UI, following the steps below.
- Navigate to the RSA Security Analytics UI > Administration > Services.
- Select the Log Collector device in question and navigate to View > Explore.
- Right-click on the event-broker node in the left pane and click Properties.
- Select delete from the drop-down menu.
- In the parameters field, enter text similar to the following: queue=
(e.g. queue=LogDecoder_logdecoder_checkpoint)
NOTE: When entering the queue name, an underscore ( _ ) should be substituted for any periods ( . ) in the name.
- Click the Send button and verify that a success message is displayed.
- Repeat steps 5-6 for any additional queues that must be deleted.
If this does not solve your issue, please open a case with RSA Technical Support and reference this article so that we may better assist you.
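The following helper is an added example, not RSA code. It assumes that `rabbitmqctl` is available on the Log Collector host and that its output from `rabbitmqctl list_queues name consumers messages` is piped in; it lists queues with no consumers, builds the `queue=` parameter with periods replaced by underscores, and flags queues that still hold messages. The queue names in the sample are constructed.

```shell
#!/bin/sh
# Added example (not RSA code). Reads the tab-separated output of
#   rabbitmqctl list_queues name consumers messages
# on stdin and prints one line per queue that has zero consumers.

# Constructed sample listing; the queue names are made up for illustration.
sample_listing() {
    printf 'Listing queues ...\n'
    printf 'example.collector.events\t1\t0\n'
    printf 'example.decoder.checkpoint\t0\t0\n'
    printf 'example.vlc.remote\t0\t4217\n'
    printf '...done.\n'
}

# Output columns: delete parameter, queued message count, risk label.
orphan_queue_params() {
    awk -F '\t' '
        # Skip banner, header and footer lines: a data row has exactly
        # three fields and the last two are non-negative integers.
        NF != 3 || $2 !~ /^[0-9]+$/ || $3 !~ /^[0-9]+$/ { next }
        $2 == 0 {
            name = $1
            gsub(/\./, "_", name)   # NOTE in the article: "." becomes "_"
            # Deleting a queue discards whatever events it still holds.
            risk = ($3 > 0) ? "DATA-LOSS" : "empty"
            printf "queue=%s\t%s\t%s\n", name, $3, risk
        }'
}

# Demo on the constructed listing; on a live host, pipe rabbitmqctl instead.
sample_listing | orphan_queue_params
```

A queue can show zero consumers only because the Log Collector or a consumer is temporarily stopped, so confirm there is no legitimate consumer before using any parameter this prints.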
Notes
Any event data stored in a queue will be lost as the result of a delete operation.
Internal Comments
UserName: shurtj 8/5/2014 9:07:08 PM - Updated Article
Updated article and made changes to abide by Primus best practices.
Product Details
RSA Product Set: Security Analytics, NetWitness Logs & Network
RSA Product/Service Type: Log Collector, RabbitMQ Message Broker
RSA Version/Condition: 10.2.x and above
Platform: CentOS 6, 7