000033894 - An error occurred publishing to an AMQP channel: NO_ROUTE on Local Log Collector in RSA NetWitness

Document created by RSA Customer Support Employee on Aug 29, 2016Last modified by RSA Customer Support on May 3, 2019
Version 4Show Document
  • Comment0
  • View in full screen mode

Article Content

Article Number000033894
Applies ToRSA Product Set: NetWitness Logs & Network
RSA Product/Service Type: SA Security Analytics Server/ Log Collector 
RSA Version/Condition: 10.4.x,10.5.x,10.6.x, 11.x
Platform: CentOS
O/S Version: EL6, EL7
IssueThe Security Analytics Local Log Collector is failing to send events to the Log Decoder

Received below errors in /var/log/message

An error occurred publishing to an AMQP channel: NO_ROUTE, exchange: windows, routing key: windows
 

Aug 29 09:41:53 LDecoder collectd[2642]: NgNativeReader_NwLogCollector-NormalUpdate: 
/event-processors/logdecoder/stats/eventsources/total_failed_executions: 
path not longer exists in service
CauseThis issue is caused if there is no destination decoder set in Event Destinations.

         User-added image
ResolutionTo resolve the issue, follow the steps below
  1. In the Security Analytics UI, navigate to Administration -> Services.
  2. Select the Local Log Collector service and click on the View -> Config button.
  3. Select the Event Destinations tab
  4. Check destination decoder is present or stopped
  5. If stopped start and check the status
  6. If not presented, add decoder as below
         User-added image
 

Attachments

    Outcomes