Article Number | 000033894 |
Applies To | RSA Product Set: NetWitness Logs & Network RSA Product/Service Type: SA Security Analytics Server/ Log Collector RSA Version/Condition: 10.4.x,10.5.x,10.6.x, 11.x Platform: CentOS O/S Version: EL6, EL7 |
Issue | The Security Analytics Local Log Collector is failing to send events to the Log Decoder
Received below errors in /var/log/message
An error occurred publishing to an AMQP channel: NO_ROUTE, exchange: windows, routing key: windows
Aug 29 09:41:53 LDecoder collectd[2642]: NgNativeReader_NwLogCollector-NormalUpdate: /event-processors/logdecoder/stats/eventsources/total_failed_executions: path not longer exists in service
|
Cause | This issue is caused if there is no destination decoder set in Event Destinations.
 |
Resolution | To resolve the issue, follow the steps below
- In the Security Analytics UI, navigate to Administration -> Services.
- Select the Local Log Collector service and click on the View -> Config button.
- Select the Event Destinations tab
- Check destination decoder is present or stopped
- If stopped start and check the status
- If not presented, add decoder as below
 |