000038585 - How to change AMQP port from 5671 to 443 in RSA NetWitness VLC

Document created by RSA Customer Support Employee on Mar 24, 2020
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000038585
Applies ToRSA Product Set: RSA NetWitness Platform
RSA Product/Service Type: Core Appliance
RSA Version/Condition: 11.x
Platform: CentOS 7

 
IssueHow to change AMQP port to port 443 in RSA NetWitness 11.x
CauseCustomer only allows 443 as the data communication port from VLC -> Log decoder, thus they must change.
That’s the compliance policy for their environment.
Resolution

Need to follow the below steps for enabling port 443 rather than using port 5671.



SSH to the LC Box and update following entry in the iptables



On logCollector box enable custom firewall option as per the following guide in the following community
(https://community.rsa.com/docs/DOC-93651) and update the iptables with the below entry



  • vi /etc/sysconfig/iptables"
  • ( -A PREROUTING -p tcp -m multiport --dports 443 -m comment --comment "1 RabbitMQ 5671 to 443" -j REDIRECT --to-ports 5671 )
  • Save the changes
  • Service iptables restart
  • SSH to VLC and edit the shovel config and update 443 port that is shown below.
  • vi /etc/rabbitmq/shovel_config
  • {addresses,["10.125.246.116:443"]}
  • service rabbitmq-server restart

Check from the Web UI Shovel status showing as green and pushing logs to the LC

Attachments

    Outcomes