Azure Collection: Troubleshoot using Azure

Document created by RSA Information Design and Development on Jun 19, 2017Last modified by RSA Information Design and Development on Jun 19, 2017
Version 5Show Document
  • View in full screen mode
  

The following section describes troubleshooting tips using Azure.

Troubleshooting Provisioning Errors

Listed below are the steps required to enable and discover your Remote Collector VM on your NW Server .

  1. SSH in to the Azure Remote Collector and NW Server using the following command:

    su root

  2. On the Azure Remote Collector, run the following command to get the node_id which will be used in subsequent steps.

    /etc/puppet/scripts/node_id.py

  3. On the NW Server , run

    puppet cert clean <Node_id>

  4. On the NW Server , run

    service puppetmaster stop

  5. On the Azure Remote Collector, run

    service puppet stop

  6. On the Azure Remote Collector, run

    rm -rf /var/lib/puppet/ssl/*

  7. On the NW Server , run

    service puppetmaster start

  8. On the Azure Remote Collector, run

    puppet agent -t --waitforcert 30

  9. Log in to the NW Server . Click Administration > Hosts, then click Discover.

Checking Ports

If you are having communications problems, check the ports that are listening on your Remote Collector. Run the following command:

nestat -anp | grep LISTEN

For more information, refer to the Ports table in Step 2 - Configure Virtual Machine in Azure.

Remote Collector Showing up as a Local Collector

If you cannot find a Local Collector as a destination, and syslog event source collection protocol is missing, then it is discovered as a Local Collector. To make it a Remote Collector, do the following:

  1. Edit the logcollectionType file and change the value from LC to RC.
  2. Run the following command:

    vi /etc/netwitness/ng/logcollection/logCollectionType

The file content should look similar to what is shown in the following example:

RC

You are here
Table of Contents > Deploy Remote Log Collector Service into Azure > Troubleshoot using Azure

Attachments

    Outcomes