rsyslog is denied for file read/write on /var/log/scsplog/ids_syslog.pipe file


Article ID: 159084



Critical System Protection


On Unix systems, an event with the message "File Write Denied for rsyslog on /var/log/scsplog/ids_syslog.pipe file" is generated when the agent is upgraded to version 5.2.9 MP2 or above.

File Write Denied for rsyslog on /var/log/scsplog/ids_syslog.pipe file


The file location for ids_syslog.pipe has been changed in SCSP version 5.2.9 MP2 from /opt/Symantec/scspagent/IDS/system/ids_syslog.pipe to /var/log/scsplog/ids_syslog.pipe.

The following entry is added to the /etc/rsyslog.conf file after installing agent version 5.2.9 MP2 or above:
# The following is required for Symantec Host IDS - Do not edit or remove
*.info;mail.err;mark.none |/var/log/scsplog/ids_syslog.pipe



Whenever an agent is updated to version 5.2.9 MP2 or above, it is recommended to also update the policy pack to the same version. This update applies the default process set (syslogd_ps), which allows rsyslog to write to the ids_syslog.pipe file located at /var/log/scsplog/ids_syslog.pipe.
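
To confirm the rsyslog side of the change after an upgrade, the following check reports whether a config file sends output to the new pipe location, the old one, both, or neither, and whether the pipe exists. It is an added example, not part of the original article or of the product; the function names are hypothetical, and the two paths are the ones given above.

```shell
#!/bin/sh
# Added example (hypothetical helper names); paths are the ones named in the article.
NEW_PIPE=/var/log/scsplog/ids_syslog.pipe
OLD_PIPE=/opt/Symantec/scspagent/IDS/system/ids_syslog.pipe

# scsp_pipe_status CONF
# Prints new | old | both | missing (or unreadable) for the pipe actions in CONF.
# Returns 0 only when CONF references the new path and not the old one.
scsp_pipe_status() {
    conf=$1
    [ -r "$conf" ] || { echo unreadable; return 2; }
    status=$(awk -v new="|$NEW_PIPE" -v old="|$OLD_PIPE" '
        /^[[:space:]]*#/ { next }      # commented-out entries do not count
        NF >= 2 {                      # selector field(s) followed by an action
            if ($NF == new) n = 1
            if ($NF == old) o = 1
        }
        END {
            if (n && o)  print "both"
            else if (n)  print "new"
            else if (o)  print "old"
            else         print "missing"
        }' "$conf")
    echo "$status"
    [ "$status" = new ]
}

# scsp_check CONF [PIPE]
# Succeeds when CONF points at the new path and PIPE exists as a named pipe.
scsp_check() {
    s=$(scsp_pipe_status "$1") || { echo "config: $s"; return 1; }
    [ -p "${2:-$NEW_PIPE}" ] || { echo "config: new, pipe is not a FIFO"; return 1; }
    echo "config: new, pipe present"
}
```

On an agent host, `scsp_check /etc/rsyslog.conf` runs both checks; a result of `old` or `both` means an entry for the pre-5.2.9 MP2 location is still present. This covers only the rsyslog configuration, not the policy pack.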