When you notice that the Manager is not receiving any events from the DCS agent and you see that the events are queuing up on the agent follow this article to resolve.
This is caused by a stuck pointer file that is looking to send an old event CSV that doesn't exist or was already sent and then the file wasn't updated.
Release : 6.8.x +
Collect the agent logs
From the log bundle open the /var/log/sdcsslog/IPS/hidslog1rtfilepointer file in notepad to see what SISRTEvents*.csv is trying to be sent to the Manager.
Navigate to /var/log/sdcsslog location to see if you have an abundance of SISIDSEvents*.csv files and verify if the .csv file from the hidslog1rtfilepointer is stuck on an old file.
If it appears to be stuck on an old .csv file then move forward to the resolution below.
1. Stop the services from an Admin level cmd prompt.
sisservicectrl stop sisidsservice
sisservicectrl stop sisipsservice
sisservicectrl stop sisipsutil
2. Delete the pointer file /opt/Symantec/sdcssagent/IPS/hidslog1rtfilepointer
3. Restart the services
sisservicectrl start sisidsservice
sisservicectrl start sisipsservice
sisservicectrl start sisipsutil
1. Stop the services
systemctl stop sisipsdaemon sisidsdaemon
2. Delete the pointer file
rm -f /opt/Symantec/sdcssagent/IPS/hidslog1rtfilepointer*
3. Start the services
systemctl start sisidsdaemon sisipsdaemon
Check the Manager to see if events are being sent.