This topic highlights possible problems that you may encounter with Windows Legacy Collection and suggested solutions to these problems.
Troubleshoot Legacy Windows and NetApp Collection Issues
In general, you receive more robust log messages by disabling SSL.
Errors Displayed in User Interface
There is no Appliance Service for the Legacy Windows Collector.
|Ignore this message.|
The Hosts view displays "Error" in the Updates column for the Windows Legacy Remote Collector appliance.
|The Windows Legacy collector does not use the puppet infrastructure that is part of 10.4 appliances.||Ignore this message.|
Protocol Restart Problems
|You restart the WIndows Legacy collection protocol, but Security Analytics is not receiving events.||The logcollector service is stopped.||Restart the logcollector service. |
If you see any of the following messages in the MessageBroker.log, you may have issues. You display the MessageBroker.log from the
|Log Messages||Any message that contains "rabbitmq"|
|Possible Cause||RabbitMQ service may not be running.|
Port 5671 may not be opened.
|Solutions||Make sure that the RabbitMQ service is running.|
Make sure that port 5671 is open.
|Log Messages||Error: Adding logcollector user account.|
Error: Adding administrator tag to logcollector account.
Error: Adding Adding logcollection vhost.
Error: Setting permissions to logcollector account in all vhosts.
Error: Deleting guest account.
|Possible Cause||rabbitmq-server was not running when installer tried to create users and vhosts.|
|Solutions||Make sure that the RabbitMQ service is running and run below commands manually.|
rabbitmqctl -q add_user logcollector netwitness
rabbitmqctl -q set_user_tags logcollector administrator
rabbitmqctl -q add_vhost logcollection
rabbitmqctl -q set_permissions -p / logcollector ".*" ".*" ".*"
rabbitmqctl -q set_permissions -p logcollection logcollector ".*" ".*" ".*"
rabbitmqctl -q delete_user guest