Packet Capture fails to start on a Linux Network Monitor
search cancel

Packet Capture fails to start on a Linux Network Monitor


Article ID: 172370


Updated On:


Data Loss Prevention Network Monitor Data Loss Prevention


Packet Capture fails to start on a Linux Network Monitor and services show "partially running" in the Data Loss Prevention (DLP) Enforce GUI.


You may see

  • error code 1008 - packetcapture is down and
  • error code 1302 File Reader failed to start in the Enforce GUI.


This can occur if the Linux server's operating system is missing some of the required RPM's; especially "apr-util".

The Linux server is missing RPM's.


     1. Verify the following RPM's are installed on the server per the Symantec_DLP_15.8_System_Requirements_Guide.pdf (, Required Linux RPMs section

    • apr
    • apr-util
    • compat-libstdc++-33
    • expat
    • libicu
    • Xorg-X11*

         *Required only for graphical installation.
          Console-mode installation does not require an X server.

    • Red Hat Enterprise Linux version 6 has these additional dependencies:
      • compat-openldap
      • compat-expat1
      • compat-db43
      • openssl098e
    • Red Hat Enterprise Linux version 7 has these additional 64-bit only package dependencies:
      • compat-openldap-1:2.3.43-5.el7
      • compat-db47-4.7.25-28.e17
      • libpng12
      • compat-libtiff3
    • Note: SeLinux must be disabled on all Linux-based servers.
    • To verify that a particular RPM is installed:
    • Login to a terminal window as "Root"Type: RPM -qa <Name of the RPM>  Example: RPM -qa apr-util
    • If a required RPM is missing; install it as "Root" using a command such as "yum install nameofpackage" (See your Linux documentation for further information on installing RPM's)

     2. Restart the Symantec DLP Detection Server Service after installing the missing RPM(s)