Stomp Collector failed

[ludoComp9]

Hello,

After received client certificate from n6, I launched:
openssl s_client -cert /usr/lib/python3/dist-packages/intelmq/bots/collectors/stomp/client.pem -key /usr/lib/python3/dist-packages/intelmq/bots/collectors/stomp/n6.key -CAfile /usr/lib/python3/dist-packages/intelmq/bots/collectors/stomp/ca.pem -host n6stream.cert.pl -port 61614
and it worked fine!

So, I tried to configure Stomp Collector module from intelMQ Manager with following parameters:

• exchange: mydomain.tld
• heartbeat: 6000
• port: 61614
• server: n6stream.cert.pl
• ssl_ca_certificate: /usr/lib/python3/dist-packages/intelmq/bots/collectors/stomp/ca.pem
• ssl_client_certificate: /usr/lib/python3/dist-packages/intelmq/bots/collectors/stomp/client.pem
• ssl_client_certificate_key: /usr/lib/python3/dist-packages/intelmq/bots/collectors/stomp/n6.key

But, when started, I have following error message from StompCollector.log file:

2023-05-19 15:39:05,488 - Stomp-Collector - INFO - Received SIGTERM.
2023-05-19 15:39:05,489 - Stomp-Collector - INFO - Bot stopped.
2023-05-19 15:39:05,896 - Stomp-Collector - INFO - StompCollectorBot initialized with id Stomp-Collector and intelmq 3.1.0 and python 3.10.6 (main, Mar 10 2023, 10:55:28) [GCC 11.3.0] as process 2668491.
2023-05-19 15:39:05,897 - Stomp-Collector - INFO - Bot is starting.
2023-05-19 15:39:06,180 - Stomp-Collector - INFO - Successfully connected and subscribed.
2023-05-19 15:39:06,180 - Stomp-Collector - INFO - Bot initialization completed.
2023-05-19 15:39:06,232 - Stomp-Collector - ERROR - Received an error: "ACCESS_REFUSED - access to queue '**_mydomain.tld_**' in vhost '/' refused for user '**myemailaddress**'".
2023-05-19 15:39:06,433 - Stomp-Collector - INFO - Successfully connected and subscribed.
2023-05-19 15:39:06,488 - Stomp-Collector - ERROR - Received an error: "ACCESS_REFUSED - access to queue '**_mydomain.tld_**' in vhost '/' refused for user '**myemailaddress**'".
2023-05-19 15:39:06,689 - Stomp-Collector - INFO - Successfully connected and subscribed.
[...]

Any idea ?

Platform:
Ubuntu 22.04.2 LTS
intelMQ: 3.1.0
stomp.py: 4.1.23

[sebix]

Are you sure that the correct exchange for you is mydomain.tld? and not the country code or alike?

[ludoComp9]

Yes, absolutely. n6 CERT team confirmed it.

[sebix]

I'm not able to help here, unfortunately. Not operating a STOMP service myself and last used n6's interface 1½ years ago.

[kamil-certat]

Could you enable debug log and see what it returns? Could you try to use the stomp.py CLI and manually connect to the requested queue?

I see that in our configuration the exchange is like /exchange/mydomain.tld/#. Could you try it?

[zuo]

• @ludoComp9 The value of the exchange parameter should be a string in the format: /exchange/{your organization ID}/{binding key}, e.g.: /exchange/mydomain.tld/*.*.*.*. For more details, see my answer in #2342.

[sebix]

@zuo is this fixed as well?

[zuo]

@zuo is this fixed as well?

I think it was rather a communication issue than a bug in the code or configuration, and I have already clarified the matter above (and also in comments to the ticket #2342). PRs #2408 and #2414 also improve the documentation related to the matter.

So I believe this ticket can be closed.

[sebix]

OK, thanks for the explanation