Federation script started, but the LWC service went down. | Security Analytics log shows connection failure exceptions with Windows Legacy Collector. | This issue is fixed automatically after restarting the Windows Legacy service. |
LWC is running, but RabbitMQ service is down or restarting. | Federation log file at Windows Legacy side displays an error message about RabbitMQ service being down. The log file to look at is: C:\NetWitness\ng\logcollector The following error message is logged in case RabbitMQ is not running: "Unable to connect to node logcollector@localhost: nodedown" The following diagnostics messages are displayed: attempted to contact: [logcollector@localhost] logcollector@localhost: * connected to epmd (port 4369) on localhost * epmd reports: node 'logcollector' not running at all other nodes on localhost: ['rabbitmqctl-4084'] * suggestion: start the node | Run the federation.bat script manually at LWC. To run the federate.bat script manually, perform the following steps: - Go to folder C:\Program Files\NwLogCollector where the Windows Legacy instance is installed.
- Locate the file federate.bat in this folder. Select the file and right click.
- Select Run as Administrator.
- To monitor the log file, navigate to
C:\NetWitness\ng\logcollector\federate.log while the federate.bat script is being executed. Note: Make sure the log file does not show any errors while the script is being executed. |
RabbitMQ service is down on Security Analytics side. | Security Analytics User Interface pages do not work. | Restart RabbitMQ service. |
No Health & Wellness stats are displayed in Security Analytics User Interface. | Puppet agent is not running, or is taking a while to publish the exchanged certificates. | Restart Puppet agent, or wait a few several minutes to finish exchanging the certificates. |
Customer receives a Health and Wellness notification, or the following Health and Wellness Alarm is displayed: "Communication failure between Master Security Analytics Host and a Remote Host" with LWC Host as the Remote IP. | - Federate.bat script failed to run successfully.
- Puppet agent has not run after the federate.bat script ran successfully.
| - If the federate.bat script did not run correctly, run it manually as described previously.
- If the federate.bat script ran correctly and the puppet agent has not performed its scheduled run, run the puppet agent manually using the following command on your Security Analytics server:
puppet agent -t |