search cancel

Packet Capture Cannot Detect dag0 Interface After DLP 15.1 or 15.5 is Installed

book

Article ID: 174772

calendar_today

Updated On:

Products

Data Loss Prevention Network Monitor

Issue/Introduction

After upgrading a RedHat detection server, with an Endace high speed capture card, to DLP 15.1, the Packet Capture process does not stay started.

DLP 15.1, or 15.5, install on RedHat with an Endace high speed capture card causes Packet Capture service to spawn multiple processes.

DLP 15.1, or 15.5, install on RedHat with an Endace high speed capture card causes Packet Capture to remain in starting state indefinitely.

Cause

No execute permissions on dagdetect.

NOEXEC parameter set as default in sudoers file.

Environment

DLP 15.1, DLP 15.5

RedHat 6.10

Endace DAG 7.5G4

DAG Driver 5.7.1

Resolution

Add !noexec to SymantecDLP sudoers file to allow SymantecDLP user to execute the dagdetect application.