Installing Symantec Event Agents

book

Article ID: 179536

calendar_today

Updated On:

Products

Security Information Manager

Issue/Introduction

 

Resolution

Installing Symantec Event Agents

The Symantec Event Agent sends the data that is collected by the collector to the Information Manager appliance. The Agent is always installed on the same computer as the collector component. You must sometimes install Agents on the same computer as the security product for which it collects events; in other cases you can install the collector on a separate computer from the security product for which it collects events. This computer must have network access to the Information Manager appliance.

See Installation and configuration tasks for collectors.

Note:
When you install the Symantec Event Agent, you may receive the following error:

bootstrap- Symc_ConfigProvider: Server returned authorization error

This error generally occurs when Information Manager is under heavy load. The installation program continues to try to communicate with Information Manager until it succeeds. The installation may take several hours or more depending on the load conditions. No user action is required.

Note:
Java Runtime Environment (JRE) 1.6 is automatically installed along with the Agent into a subdirectory of the installation directory that is specified at installation. By default, the directory is C:\Program Files\Symantec\Event Agent\jre on Windows and /opt/Symantec/sesa/Agent/jre on UNIX. Only the collector component and the Agent use the JRE; it does not interfere with any other JRE that is installed on the computer.

If you install more than one collector on the same computer, you only need to install the Symantec Event Agent once.

Before you install the Symantec Event Agent, you should complete the following steps in the order presented:

  • Uninstall any previous version of the agent

    See Uninstalling the Symantec Event Agent.

  • Ensure that there is network connectivity between the system where the agent will be installed and the Information Manager appliance

  • If there is a firewall between the agent computer and the Information Manager appliance, ensure that the following ports are open:

    • TCP 5998

    • TCP 8086

    • TCP 443

    • TCP 80

When you complete the Symantec Event Agent operation, you can verify installation by completing the following procedures:

To install the Symantec Event Agent on a computer that runs Windows

  1. Launch the Information Manager Configuration Web site at the following URL:

    https:// Information_Manager_IP_address

  2. From the Information Manager Configuration Web site, click Downloads.

  3. Click Download Symantec Event Agent Installer for Windows, and save the file to a directory on the computer where you want to install the Symantec Event Agent.

    This option downloads a file that is named install.exe

  4. To install the Symantec Event Agent, double-click the install.exe that you downloaded in step 3, and then follow the prompts.

To install the Symantec Event Agent on a computer that runs Linux

  1. Launch the Information Manager Configuration Web site at the following URL:

    https:// Information_Manager_IP_address

  2. From the Information Manager Configuration Web site, click Downloads.

  3. Click Download Symantec Event Agent Installer for Linux, and save the file to a directory on the computer where you want to install the Symantec Event Agent.

    This option downloads a file that is named symevtagent_4.5.0.12.tar

  4. Navigate to the directory where you downloaded the .tar file in step 3.

  5. At the command prompt, type the following command:

    tar -xvf symevtagent_4.5.0.12.tar

    This command creates a subdirectory that is named Agent, and then unpacks the Event Agent installation files into that directory.

  6. At the command prompt, to run the install script, type the following commands:

    cd Agent

    sh ./install.sh

  7. At the prompts, enter the appropriate information.

To install the Symantec Event Agent on a computer that runs Solaris

  1. Launch the Information Manager Configuration Web site at the following URL:

    https:// Information_Manager_IP_address

  2. From the Information Manager Configuration Web site, click Downloads.

  3. Click Download Symantec Event Agent Installer for Solaris, and save the file to a directory on the computer where you want to install the Symantec Event Agent.

    This option downloads a file that is named symevtagent_4.5.0.13.tar

  4. Navigate to the directory where you downloaded the .tar file in step 3.

  5. At the command prompt, type the following command:

    tar -xvf symevtagent_4.5.0.13.tar

    This command creates a subdirectory that is named Agent, and then unpacks the Event Agent installation files into that directory.

  6. At the command prompt, to run the install script, type the following commands:

    cd Agent

    sh ./install.sh

  7. At the prompts, enter the appropriate information.