Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

000034104 - Unable to add Local Log Collector as a destination for VLC Remote Collector via the UI in RSA NetWitness Platform

Document created by RSA Customer Support

on Oct 4, 2016•Last modified by RSA Customer Support on Jul 30, 2020

Version 7Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

Article Content

Article Number	000034104
Applies To	RSA Product Set: Security Analytics, NetWitness Platform RSA Product/Service Type: Security Analytics UI, Log Collector, Virtual Log Collector (VLC) RSA Version/Condition: 10.5.x, 10.6.x, 11.x Platform: CentOS
Issue	Unable to add a local log collector as a destination for a remote collector (VLC) using the Explore view in the RSA Security Analytics UI. The error message below is displayed: Failed to update remote destination: Invalid or missing address: <address> Try adding the device to SA if not already added.
Resolution	To resolve the issue, follow the steps below. Log into the RSA Security Analytics UI. Go to Administration > Services > Remote Collector. Open the Explore view, then go to event-broker. Expand event-broker and right-click on destinations. From the bottom drop-down menu, select add and enter the text below into the parameters field. name=LogDecoder addresses=Local_LogCollector_IP_Address Click on the Send button. If you are unsure of any of the steps above or experience any issues, contact RSA Support and quote this article number for further assistance. Sample Configuration Parameters Syntax: >>>Adding an LC Primary destination with specific collections: (No LC destination configured yet) ---group(or queue) will be named same as the destination name name=LDEC11 addresses=137.69.130.37 collections="odbc file syslog vmware windows" >>>Replication: (New Destination and New Group or Queue) ---group will be named same as the destination name name=LEPHybrid addresses=137.69.130.37 collections="odbc file syslog vmware windows" >>>Load-Balance: (Bind new destination to existing Group or Queue), e.g., existing group is LDEC11 name=LEPHybrid queue=LDEC11 addresses=137.69.130.37 collections="odbc file syslog vmware windows" >>>Failover: (Add new local collector IP to have multiple LCs in one destination ***Note: need to remove first the existing primary LC configuration name=LDEC11 queue=LDEC11 addresses="137.69.130.25 137.69.130.37" collections="odbc file syslog vmware windows"

Attachments

Outcomes

0 Comments

Recommended Content

Incoming Links

Re: ADD LC under VLC