This topic highlights possible problems that you may encounter when you configure Log Collection and suggested solutions to these problems.
Troubleshoot Remote Collector Configuration Issues
The log messages in the following table are sent to:
- For Push configuration - C:\NetWitness\ng\logcollector\rabbitmq\log\firstname.lastname@example.org on the Windows Legacy Collector server.
- For Pull configuration -
/email@example.com on Log Decoder host server on which the Local Collector is running.
|Log message with "certificate expired' as part of the message. For example:|
|Possible Causes|| |
The high-level cause of a certificate expired log message is that the SA service host clock (date/time) and one or more hosts running the log collector service clocks are not synchronized. The following scenarios can cause this error.
The SA service host and the Local Collector host clocks are synchronized, but the Windows Legacy Collector (WLC) clock is:
|Solutions||For either cause, make sure that the clocks for SA host and all Remote and Local Collector hosts are synchronized. |
Troubleshoot Collection Issues
Please refer to the troubleshooting instructions for each collection protocol for issues related to those protocols.