000033894 - An error occurred publishing to an AMQP channel: NO_ROUTE on Local Log Collector in RSA Netwitness

Document created by RSA Customer Support Employee on Aug 29, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 3Show Document
  • Comment0
  • View in full screen mode

Article Content

Article Number000033894
Applies ToRSA Product Set: Security Analytics
RSA Product/Service Type: SA Security Analytics Server
RSA Version/Condition: 10.4.x,10.5.x,10.6.x
 
IssueThe Security Analytics Local Log Collector is failing to send events to the Log Decoder
Received below errors in /var/log/message
An error occurred publishing to an AMQP channel: NO_ROUTE, exchange: windows, routing key: windows
 
Aug 29 09:41:53 LDecoder collectd[2642]: NgNativeReader_NwLogCollector-NormalUpdate: 
/event-processors/logdecoder/stats/eventsources/total_failed_executions: 
path not longer exists in service
CauseThis issue is caused if there is no destination decoder set in Event Destinations.
         User-added image
ResolutionTo resolve the issue, follow the steps below
  1. In the Security Analytics UI, navigate to Administration -> Services.
  2. Select the Local Log Collector service and click on the View -> Config button.
  3. Select the Event Destinations tab
  4. Check destination decoder is present or stopped
  5. If stopped start and check the status
  6. If not presented, add  decoder as below
         User-added image
 

Attachments

    Outcomes