Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

000037758 - Rabbitmq Shovel Error Status Code 401 not_authorized Login Failed in RSA NetWitness Platform

Document created by RSA Customer Support

on Sep 12, 2019

Version 1Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

Article Content

Article Number	000037758
Applies To	RSA Product Set: RSA Netwitness Log & Network RSA Product/Service Type: Log Collector RSA Version/Condition: 11.x Platform: CentOS 7 Platform (Other): RabbitMQ
Issue	When trying to add a Local Collector under the VLC config view, sometimes you might face this error : failed to add destination for "LC": "HttpOps: 127.0.0.1:15671/api/nw/shovel/destinations/LC:GET: Response returned with status code: 401 Response: {"error":"not_authorised","reason":"Login failed"}" Another error can be observed under /var/log/messages : Jul 24 08:37:43 VLC NwLogCollector[706]: [MessageBrokerLogReceiver] [warning] Unable to start AMQP Log Receiver, Error in constructing AMQPReceiver: connection error: 403: ACCESS_REFUSED - Login was refused using authentication mechanism PLAIN. For details see the broker logfile.
Cause	This issue could happen due to having a missing/misconfigured user in the rabbitmq service. By default, when you list the rabbitmq users on a VLC you should find the below users: Some of the causes of this error might be due to having the "logcollector" user missing or misconfigured with the wrong tags or permissions.
Resolution	To fix it, try the below steps: First, create the user named "logcollector" with the default password "netwitness" using this command : *rabbitmqctl add_user logcollector netwitness. Afterwards, if you tail /var/log/messages, you might be faced with this error : We need to set the correct permissions for the "logcollector" user on the "logcollection" vhost to fix this. Set the appropriate tag on the user "logcollector" (administrator) using : rabbitmqctl set_user_tags logcollector administrator* Then to set the permissions use : *rabbitmqctl set_permissions -p logcollection logcollector "." "." "." this sets the permissions for the user "logcollector" on the vhost "logcollection" to config, read and write. Sometimes you may be faced with another error that might appear as the following after performing all the steps above To fix this, take a backup of the shovel_config file : cp /etc/rabbitmq/shovel_config /etc/rabbitmq/shovel_config_old and then remove it rm -rf /etc/rabbitmq/shovel_config. Restart the rabbitmq service : systemctl restart rabbitmq-server**
Notes	The default password for the "logcollector" user should be "netwitness". Otherwise, you may be faced with the same error.

Attachments

Outcomes

0 Comments