
Packet Capture fails to start on a Linux Network Monitor


Article ID: 172370


Products

Data Loss Prevention Network Monitor, Data Loss Prevention

Issue/Introduction

Packet Capture fails to start on a Linux Network Monitor, and services show "partially running" in the Data Loss Prevention (DLP) Enforce GUI.

You may see the following in the Enforce GUI:

  • error code 1008 - packetcapture is down
  • error code 1302 File Reader failed to start

Cause

This can occur if the Linux server's operating system is missing some of the required RPMs, especially "apr-util".

The Linux server is missing RPMs.

Resolution

     1. Verify that the following RPMs are installed on the server, per the "Required Linux RPMs" section of Symantec_DLP_15.8_System_Requirements_Guide.pdf (broadcom.com):

    • apr
    • apr-util
    • compat-libstdc++-33
    • expat
    • libicu
    • Xorg-X11*

         *Required only for graphical installation.
          Console-mode installation does not require an X server.

    • Red Hat Enterprise Linux version 6 has these additional dependencies:
      • compat-openldap
      • compat-expat1
      • compat-db43
      • openssl098e
    • Red Hat Enterprise Linux version 7 has these additional 64-bit only package dependencies:
      • compat-openldap-1:2.3.43-5.el7
      • compat-db47-4.7.25-28.e17
      • libpng12
      • compat-libtiff3
    • Note: SELinux must be disabled on all Linux-based servers.
    • To verify that a particular RPM is installed:
      • Log in to a terminal window as root.
      • Type: rpm -qa <name of the RPM>
      • Example: rpm -qa apr-util
    • If a required RPM is missing, install it as root using a command such as "yum install nameofpackage". (See your Linux documentation for further information on installing RPMs.)

     2. Restart the Symantec DLP Detection Server service after installing the missing RPM(s).
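
The per-package check in step 1 can be run over the whole list at once. The script below is an added example, not part of the original article or of Symantec DLP; the file name check_dlp_rpms.sh and the function names are hypothetical, it checks package names only (not the exact versions listed for Red Hat Enterprise Linux 7), and it skips Xorg-X11* because that is required only for graphical installation.

```shell
#!/bin/sh
# Added example: report which RPMs from the list above are not installed.
# Package names are taken from the article; versions are not checked.

BASE_RPMS="apr apr-util compat-libstdc++-33 expat libicu"
RHEL6_RPMS="compat-openldap compat-expat1 compat-db43 openssl098e"
RHEL7_RPMS="compat-openldap compat-db47 libpng12 compat-libtiff3"

# required_rpms MAJOR: print the package names required for that
# Red Hat Enterprise Linux major version (base list only if unknown).
required_rpms() {
    case "$1" in
        6) echo "$BASE_RPMS $RHEL6_RPMS" ;;
        7) echo "$BASE_RPMS $RHEL7_RPMS" ;;
        *) echo "$BASE_RPMS" ;;
    esac
}

# missing_rpms MAJOR: print one missing package name per line.
# "rpm -q NAME" exits non-zero when NAME is not installed, so the exit
# status can be tested directly instead of reading the output by eye.
missing_rpms() {
    for pkg in $(required_rpms "$1"); do
        rpm -q "$pkg" >/dev/null 2>&1 || echo "$pkg"
    done
}

# Runs only when a major version is passed, e.g.: sh check_dlp_rpms.sh 7
if [ "$#" -gt 0 ]; then
    missing=$(missing_rpms "$1")
    if [ -n "$missing" ]; then
        echo "Missing RPMs:"
        echo "$missing"
        exit 1
    fi
    echo "All required RPMs are installed."
fi
```

The script exits with status 1 when any package is missing, so it can be used as a pre-check before restarting the detection server service.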