ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

DLP 15.5 Network Monitor Packet Capture Fails to Start


Article ID: 186561


Updated On:


Data Loss Prevention Network Monitor and Prevent for Email and Web


You notice packet capture fails to start automatically on your DLP Network Monitor.  You try to start packet capture manually and it still fails to start.  You notice in the DLP UI message code 1008 process went down before it had fully started.


Packet capture needs to run as root.  But, your server has been hardened and doesn't permit sudo command by DLP application.  


Release: 15.5

BoxMonitor log 
Class: om.vontu.logging.LocalLogWriter
Method: write
Message:  PacketCapture is down. PacketCapture process went down before it had fully started.
SymantecDLPDetectionServer log
Level: INFO
Source:  jvm 1   
Message:  PC> sudo: no tty present and no askpass program specified
Which is the usual message received when attempting to run a sudo command but don’t have permissions.


You must edit /etc/sudoers file and add #includedir /etc/sudoers.d to the sudoers file.

Also, make sure you have the following entry in the /etc/sudoers.d, as this is automatically inserted during DLP 15.5 Network Monitor Server install,

Defaults:protect !requiretty
protect ALL= NOPASSWD: /bin/mount, /bin/umount, /usr/bin/sshfs
protect ALL= NOPASSWD: /lib64/ --library-path /opt/Symantec/DataLossPrevention/Detection Server/15.5/Protect/lib/native\:/opt/Symantec/DataLossPrevention/Server JRE/1.8.0_181/lib/amd64/server /opt/Symantec/DataLossPrevention/Detection Server/15.5/Protect/bin/PacketCapture *