000034104 - Unable to add Local Log Collector as a destination for VLC Remote Collector via Explore view in RSA Security Analytics

Document created by RSA Customer Support Employee on Oct 4, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 5Show Document
  • View in full screen mode

Article Content

Article Number000034104
Applies ToRSA Product Set: Security Analytics, NetWitness Logs and Packets
RSA Product/Service Type: Security Analytics UI, Log Collector, Virtual Log Collector (VLC)
RSA Version/Condition: 10.5.x, 10.6.x
Platform: CentOS
 
IssueUnable to add a local log collector as a destination for a a remote collector (VLC) using the Expore view in the RSA Security Analytics UI.
The error message below is displayed:
Failed to update remote destination: Invalid or missing address: <address>  Try adding the device to SA if not already added.

User-added image
ResolutionTo resolve the issue, follow the steps below.
  1. Log into the RSA Security Analytics UI.
  2. Go to Administration  > Services > Remote Collector.
  3. Open the Explore view, then go to event-broker.
  4. Expand event-broker and right-click on destinations.
  5. From the bottom drop down menu, select add and enter the text below into the parameters field.
    name=LogDecoder addresses=Local_LogCollector_IP_Address

  6. Click on the Send button.
If you are unsure of any of the steps above or experience any issues, contact RSA Support and quote this article number for further assistance.

Attachments

    Outcomes