ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Packet Capture fails to start on a Linux Network Monitor


Article ID: 172370


Updated On:


Data Loss Prevention Network Monitor Data Loss Prevention


Packet Capture fails to start on a Linux Network Monitor and services show "partially running" in the Data Loss Prevention (DLP) Enforce GUI.


You may see error code 1008 - packetcapture is down and error code 1302 file reader failed to start in the Enforce GUI.


This can occur if the Linux server's operating system is missing some of the required RPM's; especially "apr-util".

The Linux server is missing RPM's.


     1. Verify the following RPM's are installed on the server per the Symantec_DLP_15.1_System_Requirements_Guide

  • apr
  • apr-util
  • compat-libstdc++-33
  • expat
  • libicu
  • Xorg-X11*

         *Required only for graphical installation.
          Console-mode installation does not require an X server.

  1. Red Hat Enterprise Linux version 6 has these additional dependencies:
    • compat-openldap

    • compat-expat1

    • compat-db43

    • openssl098e

  2. Red Hat Enterprise Linux version 7 has these additional 64-bit only package dependencies:
    • compat-openldap-1:2.3.43-5.el7

    • compat-db47-4.7.25-28.e17

    • libpng12

    • compat-libtiff3

  3. Note: SeLinux must be disabled on all Linux-based servers.
  4. To verify that a particular RPM is installed:
    • Login to a terminal window as "Root"

    • Type: RPM -qa <Name of the RPM>  Example: RPM -qa apr-util

  5. If a required RPM is missing; install it as "Root" using a command such as "yum install nameofpackage" (See your Linux documentation for further information on installing RPM's)

     2. Restart the Vontu Monitor service after installing the missing RPM(s)