Data Center Security Agents are not sending events to the DCS Manager


Article ID: 223531


Updated On:


Data Center Security Server Advanced Data Center Security Server


When you notice that the Manager is not receiving any events from the DCS agent and you see that the events are queuing up on the agent follow this article to resolve.



This is caused by a stuck pointer file that is looking to send an old event CSV that doesn't exist or was already sent and then the file wasn't updated.


Release : 6.8.x +


Collect the agent logs
From the log bundle open the /var/log/sdcsslog/IPS/hidslog1rtfilepointer file in notepad to see what SISRTEvents*.csv is trying to be sent to the Manager.
Navigate to /var/log/sdcsslog location to see if you have an abundance of SISIDSEvents*.csv files and verify if the .csv file from the hidslog1rtfilepointer is stuck on an old file.

If it appears to be stuck on an old .csv file then move forward to the resolution below.


Windows Agents:

1. Stop the services from an Admin level cmd prompt.

sisservicectrl stop sisidsservice

sisservicectrl stop sisipsservice

sisservicectrl stop sisipsutil


2. Delete the pointer file (default path) "C:\Program Files (x86)\Symantec\Data Center Security Server\Agent\IPS\hidslog1rtfilepointer"


3. Restart the services

sisservicectrl start sisidsservice

sisservicectrl start sisipsservice

sisservicectrl start sisipsutil


Linux Agents:

1. Stop the services
systemctl stop sisipsdaemon sisidsdaemon

2. Delete the pointer file
rm -f  /opt/Symantec/sdcssagent/IPS/hidslog1rtfilepointer*

3. Start the services
systemctl start sisidsdaemon sisipsdaemon


Check the Manager to see if events are being sent.