Article Content
Article Number | 000017544 |
Applies To | RSA Security Analytics RSA Security Analytics 10.3 RSA Security Analytics Virtual Log Collector RabbitMQ Message Broker |
Issue | At least one VLC queue exists that does not have any consumers in RSA Security Analytics. In /var/log/messages on the VLC, an error similar to the following is displayed:
The message is truncated in /var/log/message. To obtain the full message, perform the following steps:
The full message will be displayed, as shown below.
|
Cause | This issue occurs because when deleting a destination group in VLC -> Local Collector, it doesn't delete the queues. It may also occur because the Log Collector is not currently running or parts of the system have been shut down. |
Resolution | To delete the 'orphaned' queues listed in the error message:
|
Notes | When viewing the queues in event-broker -> Stats -> Queues, the queue naming convention is: shovel_collection type_name. But when deleting, the naming convention must be (shovel.collection type.name), which is the same as seen on the error message. |
Legacy Article ID | a67209 |