Sys Maintenance: Debugging Information

Document created by RSA Information Design and Development on Sep 14, 2017Last modified by RSA Information Design and Development on Oct 13, 2017
Version 10Show Document
  • View in full screen mode
  

NetWitness Suite Log Files

The following files contain NetWitness Suite log information.

                                                   
ComponentFile
rabbitmq/var/log/rabbitmq/nw@localhost.log
/var/log/rabbitmq/nw@localhost-sasl.log
collectd/var/log/messages
nwlogcollector/var/log/messages
nwlogdecoder/var/log/messages
sms/opt/rsa/sms/wrapper.log
sms/opt/rsa/sms/logs/sms.log 
sms/opt/rsa/sms/logs/audit/audit.log
NetWitness Suite/var/lib/netwitness/uax/logs/nw.log
NetWitness Suite/var/lib/netwitness/uax/logs/ audit/audit.log
NetWitness Suite/opt/rsa/jetty9/logs

Files of Interest

The following files are used in key NetWitness Suite components, and can be useful when trying to track down miscellaneous issues.

                                      
ComponentFileDescription
rabbit/etc/rabbitmq/rabbitmq.configRabbitMQ configuration file. This configuration file partially drives the behavior of RabbitMQ, particularly around network/SSL settings.
rabbit/etc/rabbitmq/rabbitmq-env.confRabbitMQ environment configuration file. This file specifies the RabbitMQ node name and location of the enabled plugins file.
rabbit/etc/rabbitmq/rsa_enabled_pluginsThis file specifies the list of enabled plugins in RabbitMQ. This file is managed by the RabbitMQ server, via the rabbitmq-plugins command. This file overrides the /etc/rabbitmq/enabled_plugins path, in order to work around issues with upgrading the Log Collector from early versions.
rabbit/etc/rabbitmq/ssl/truststore.pemThe RabbitMQ trust store. This file contains a sequence of PEM-encoded X.509 certificates, represented trust CAs. Any clients that connect to RabbitMQ and present a certificate that is signed by a CA in this list is considered a trusted client.
rabbit/var/log/rabbitmq/mnesia/nw@localhostThe RabbitMQ Mnesia directory. Mnesia is the Erlang/OTP database technology, for storing Erlang objects persistently. RabbitMQ uses this technology for storing information such as the current set of policies, persistent exchanges and queues, and so forth.

Importantly, the msg_store_persistent and msg_store_transient directories are where RabbitMQ stores messages that have been spooled to disk,  e.g., if messages are published as persistent messages, or which have paged off to disk due to memory limitations. Keep a close eye on this directory, if the disk or memory alarms have tripped in RabbitMQ.

Caution: Do not delete these files manually. Use RabbitMQ tools to purge or delete queues. Modifying these files manually may render your RabbitMQ instance inoperable.

You are here
Table of Contents > Troubleshoot NetWitness Suite > Debugging Information

Attachments

    Outcomes