Article Number | 000037758 |
Applies To | RSA Product Set: RSA Netwitness Log & Network RSA Product/Service Type: Log Collector RSA Version/Condition: 11.x Platform: CentOS 7 Platform (Other): RabbitMQ |
Issue | When trying to add a Local Collector under the VLC config view, sometimes you might face this error : failed to add destination for "LC": "HttpOps: 127.0.0.1:15671/api/nw/shovel/destinations/LC:GET: Response returned with status code: 401 Response: {"error":"not_authorised","reason":"Login failed"}"
Another error can be observed under /var/log/messages : Jul 24 08:37:43 VLC NwLogCollector[706]: [MessageBrokerLogReceiver] [warning] Unable to start AMQP Log Receiver, Error in constructing AMQPReceiver: connection error: 403: ACCESS_REFUSED - Login was refused using authentication mechanism PLAIN. For details see the broker logfile. |
Cause | This issue could happen due to having a missing/misconfigured user in the rabbitmq service.
By default, when you list the rabbitmq users on a VLC you should find the below users:
 Some of the causes of this error might be due to having the "logcollector" user missing or misconfigured with the wrong tags or permissions.
|
Resolution | To fix it, try the below steps:
- First, create the user named "logcollector" with the default password "netwitness" using this command : rabbitmqctl add_user logcollector netwitness.
- Afterwards, if you tail /var/log/messages, you might be faced with this error :
 - We need to set the correct permissions for the "logcollector" user on the "logcollection" vhost to fix this.
- Set the appropriate tag on the user "logcollector" (administrator) using : rabbitmqctl set_user_tags logcollector administrator
- Then to set the permissions use : rabbitmqctl set_permissions -p logcollection logcollector ".*" ".*" ".*" this sets the permissions for the user "logcollector" on the vhost "logcollection" to config, read and write.
- Sometimes you may be faced with another error that might appear as the following after performing all the steps above
 - To fix this, take a backup of the shovel_config file : cp /etc/rabbitmq/shovel_config /etc/rabbitmq/shovel_config_old and then remove it rm -rf /etc/rabbitmq/shovel_config.
- Restart the rabbitmq service : systemctl restart rabbitmq-server
|
Notes | The default password for the "logcollector" user should be "netwitness". Otherwise, you may be faced with the same error. |