000026920 - How to access the RabbitMQ web interface to monitor and troubleshoot the event broker in RSA NetWitness Platform

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support on Sep 26, 2019
Version 5Show Document
  • View in full screen mode

Article Content

Article Number000026920
Applies ToRSA Product Set: NetWitness Logs & Network
RSA Product/Service Type: 
Head Unit / Server, Log Collector, RabbitMQ Message Broker
RSA Version/Condition: 10.6.x, 11.x
Platform: CentOS
IssueHow to access the RabbitMQ web interface to monitor and troubleshoot the event broker on RSA NetWitness Log Collector.
Resolution

The RabbitMQ Message Broker is configured to only listen on the loopback address (127.0.0.1), even though the RabbitMQ Management Plugin is installed in the broker. For debugging purposes, it may be useful to view the Message Broker state through the RabbitMQ Management Plugin and your browser.

If SSH is enabled on your Log Collector node, you can tunnel the RabbitMQ management port (15671) through SSH, and connect to the RabbitMQ Management console through a Web browser.

Note: The RabbitMQ Message Broker listens only on port 5671 (AMQPS) and 15671 (HTTPS). The unprotected ports 5672 (AMQP) and 15672 (HTTP) are no longer available.



Unix instructions:
From your client machine, run an SSH tunnel which maps traffic from localhost:15671 on your Log Collector appliance to a port of your choice on your local machine (e.g., 12345). E.g., if your Log Collector appliance is at 10.1.2.3, then you would run the equivalent of:

          prompt% ssh -L12345:localhost:15671 root@10.1.2.3

You may now connect to the RabbitMQ console via https://localhost:12345




Windows instructions:
Open the Putty GUI and navigate to Connection -> SSH -> Tunnels
Enter the local source port of your choosing (e.g., 12345) in the Source Port window and 127.0.0.1:15671 in the Destination window.
Select 'Add'
Immediately navigate to Sessions and open an SSH connection to your LogCollector as normal. This will also open the tunnel.
You may now connect to the RabbitMQ console via https://localhost:12345

RabbitMQ web interface login credentials:
Username:  guest
Password:   guest

Legacy Article IDa66614

Attachments

    Outcomes