Packetcapture launcher is failing to start and packetcapture logs are not being created.

Release : 15.8 and above

Component: Packet Capture

Unlogged error occurred which is preventing packet capture from starting/running correctly. 

• AD account rather than local account with sudoers
  • By default an AD account will not go through sudoers file to execute sudo commands. AD accounts bypass the /etc/sudoers and /etc/sudoers.d/SymantecDLPDetectionServer files.  
• 3rd party app replacing sudoers
  • DLP requires the use of Sudoers for packet capture
• Incorrect permissions on certain files in the DLP directories.
  • Certain files may cause the packet capture software to crash if permissions are incorrectly set.  On several occasions we have observed this problem without any indication in logs even on FINEST level.

Make the following changes to the loggers

in MonitorLogging.Properties:
add:

com.vontu.util.OutputRedirector.level = FINER 

and change:

java.util.logging.FileHandler.level = FINER 

In PacketCaptureLogging.properties:

change:

.level = FINEST 

java.util.logging.FileHandler.level = FINEST 

Recycle the detection server

Now you can use the boxmonitor0.log to see why the packetcapture will not start when packetcapture.log is not being created or written to.