000026920 - How to access the RabbitMQ web interface to monitor and troubleshoot the event broker in RSA Security Analytics

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support on Jan 6, 2018
Version 4Show Document
  • View in full screen mode

Article Content

Article Number000026920
Applies ToRSA Product Set: RSA Security Analytics 
RSA Product/Service Type: 
Head Unit / Server, Log Collector, RabbitMQ Message Broker
RSA Version/Condition: 10.3.x,10.4.x,10.5.x,10.6.x
Platform: CentOS
O/S Version: EL6
IssueHow to access the RabbitMQ web interface to monitor and troubleshoot the event broker on an RSA Security Analytics Log Collector 10.3.x and later and RSA Security Analytics hosts >= 10.4.x such as the SA Server.
Resolution

The RabbitMQ Message Broker is configured to only listen on the loopback address (127.0.0.1), even though the RabbitMQ Management Plugin is installed in the broker. For debugging purposes, it may be useful to view the Message Broker state through the RabbitMQ Management Plugin and your browser.
If SSH is enabled on your Log Collector node, you can tunnel the RabbitMQ management port (15671) through SSH, and connect to the RabbitMQ Management console through a Web browser.
Note: As of version 10.3, the RabbitMQ Message Broker listens only on port 5671 (AMQPS) and 15671 (HTTPS). The unprotected ports 5672 (AMQP) and 15672 (HTTP) are no longer available.


Unix instructions:
From your client machine, run a SSH tunnel which maps traffic from localhost:15671 on your Log Collector appliance to a port of your choice on your local machine (e.g., 12345). E.g., if your Log Collector appliance is at 10.1.2.3, then you would run the equivalent of:
          prompt% ssh -L12345:localhost:15671 root@10.1.2.3
You may now connect to the RabbitMQ console via https://localhost:12345


 

Windows instructions:
Open the Putty GUI and navigate to Connection -> SSH -> Tunnels
Enter the local source port of your choosing (e.g., 12345) in the Source Port window and 127.0.0.1:15671 in the Destination window.
Select 'Add'
Immediately navigate to Sessions and open a SSH connection to your LogCollector as normal. This will also open the tunnel.
You may now connect to the RabbitMQ console via http://localhost:12345 As of 10.3, connect to the RabbitMQ console via https://localhost:12345



RabbitMQ web interface login credentials:
Username:  guest
Password:   guest



If you are unsure of any of the steps above or experience any issues, contact RSA Support and quote this article ID for further assistance.

Legacy Article IDa66614

Attachments

    Outcomes