Installing SCSP without sysklogd on RHEL5.x


Article ID: 181482


Updated On:


Critical System Protection




To install SCSP without sysklogd on RHEL5.x, do the following:

1.  As root, set up the environment before installing, then run the installer:
  # touch /etc/scsp-check-bypass
  # export INST_PARMS="--nodeps"
  # ./agent64-linux-rhel5.bin

Checking Required Package Dependencies...

ERROR: The minimum required packages for SCSP are not installed.  In order for SCSP to function properly, the following missing packages must be installed:

> sysklogd              System logging and kernel message trapping daemons.

Please install these packages before proceeding.

WARNING: /etc/scsp-check-bypass detected.
Bypassing installer checks may lead to unpredictable results.


Extracting /var/tmp/SYMCcsp4147/SYMCcsp- ...

Validating RPM File: /var/tmp/SYMCcsp4147/SYMCcsp- ...

Running native package installation
--> rpm -v --nodeps -i --prefix /opt/Symantec/scspagent /var/tmp/SYMCcsp4147/SYMCcsp-

Installing SCSP Agent package SYMCcsp-5.2.9-670 ...
Preparing packages for installation...

The Symantec Critical System Protection Agent has been successfully installed

2.  Once installed, additional configuration may be needed for syslog-ng so that the configuration entry added by the IDS daemon uses the correct source.
    a.  Open /etc/syslog-ng/syslog-ng.conf and search for ^source. If the source is defined as "src", no change is required. Otherwise, the IDS daemon configuration must be changed so that it correctly filters the syslog-ng system events.
For example:
       # grep ^source /etc/syslog-ng/syslog-ng.conf
           source s_sys {

    b. Edit /opt/Symantec/scspagent/IDS/system/LocalAgent.ini, uncomment the line "Syslog NG Source" and change it to the correct source (e.g. "Syslog NG Source=s_sys").
    c. Restart the IDS daemon
        # /etc/init.d/sisidsagent restart
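
The check in step 2 can be scripted so that a source mismatch, which would leave the IDS daemon without the syslog-ng system events, is caught before and after the edit. This is an added example, not Symantec code. It assumes that a "Syslog NG Source" line starting with a comment character is inactive and that the agent then uses "src" (inferred from step 2a); the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Read-only check: does the IDS agent's "Syslog NG Source" name a source
# that syslog-ng.conf actually defines? Nothing is modified.

# Print the name of every source defined in a syslog-ng configuration file.
ng_sources() {
    sed -n 's/^source[[:space:]]\{1,\}\([A-Za-z0-9_.-]\{1,\}\).*/\1/p' "$1"
}

# Print the active "Syslog NG Source" value from LocalAgent.ini.
# Assumption: a commented-out line does not count and the default is "src".
agent_source() {
    val=$(sed -n -e 's/[[:space:]]*$//' \
        -e 's/^[[:space:]]*Syslog NG Source[[:space:]]*=[[:space:]]*//p' "$1" |
        tail -n 1)
    printf '%s\n' "${val:-src}"
}

# Return 0 when the agent's source exists in syslog-ng.conf, 1 otherwise.
# Usage: check_ng_source <syslog-ng.conf> <LocalAgent.ini>
check_ng_source() {
    want=$(agent_source "$2")
    if ng_sources "$1" | grep -Fqx -- "$want"; then
        echo "OK: agent source '$want' is defined in $1"
        return 0
    fi
    echo "MISMATCH: agent expects '$want'; $1 defines: $(ng_sources "$1" | tr '\n' ' ')"
    return 1
}

# Demo on constructed sample files (not taken from a real host).
tmp=$(mktemp -d)
printf 'source s_sys {\n    unix-stream("/dev/log");\n};\n' > "$tmp/syslog-ng.conf"
printf '#Syslog NG Source=src\n' > "$tmp/before.ini"    # line still commented out
printf 'Syslog NG Source=s_sys\n' > "$tmp/after.ini"    # edited as in step 2b
check_ng_source "$tmp/syslog-ng.conf" "$tmp/before.ini" || true
check_ng_source "$tmp/syslog-ng.conf" "$tmp/after.ini"
rm -rf "$tmp"
```

On a real agent, pass /etc/syslog-ng/syslog-ng.conf and /opt/Symantec/scspagent/IDS/system/LocalAgent.ini as the two arguments, then restart the IDS daemon only after the check reports OK.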