000035088 - How to Uninstall RSA NetWitness Windows Legacy Collector from a Windows Server

Document created by RSA Customer Support Employee on Apr 28, 2017Last modified by RSA Customer Support on Feb 27, 2019
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000035088
Applies ToRSA Product Set: NetWitness Logs & Network/Security Analytics
RSA Product/Service Type: Windows Legacy Collector (WLC/LWC)
RSA Version/Condition: 10.5.x, 10.6.x
Platform: Windows
IssueUse these steps to uninstall the RSA Security Analytics Windows Legacy Collector from a Windows server.
  1. Logon to the RSA Security Analytics Server WebUI and remove the Windows Legacy Collector from the Hosts tab.
  2. Logon to the Windows Server as Administrator.
  3. From a command prompt type services.msc to administer Windows Services.
  4. Stop the NwLogCollector and RabbitMQ services and disable services.
  5. Right click on Windows Taskbar and start Task Manager. Go to the Details tab and kill any running epmd.exe (Erlang) processes (this is especially important if OS reboot is not possible for the last step and the Windows Legacy Collector is being immediately reinstalled).
  6. Navigate to Control Panel | Programs | Uninstall a program.
  7. Verify the following circled packages are installed.

User-added image
  1. Select each package in turn and click "Uninstall" to remove:

Erlang OTP 
RabbitMQ Server 
Security Analytics Legacy Windows Collector 

  1. You may also remove the four Microsoft Visual C++ Redistributable packages that are installed as part of the SA 10.6.3 Windows Legacy Collector installation, but you may wish to leave these packages if you have concerns about other dependencies.

User-added image

  1. Reboot your Windows server after removing the Windows Legacy Collector components that are no longer necessary.