DCS Linux server not collecting any events and a fatal error is displayed in the UMC
search cancel

DCS Linux server not collecting any events and a fatal error is displayed in the UMC

book

Article ID: 227590

calendar_today

Updated On:

Products

Data Center Security Server Advanced

Issue/Introduction

A Linux computer stopped sending up events which was noted under the computer in the Unified Management Console under the Recent Events tab.  An error similar to the following

WTMP_0004,,,,WTMP_0004: Unable to open /var/log/btmp file. BTMP Collector will not collect any events.

The entire error is found in "/var/log/sdcsslog/SISRTEvents.csv

[EVENT_TYPE]=MERR:IDS Error -[EVENT_SEQ]=11 -[EVENT_TYPE]=Critical -[EVENT_PRIORITY]: 85 -[SYSTEM_STATE]=[R] Real-time event -[OtherDetails]=,,WTMP_0004,,,,BTMP Collector,,,,,WTMP_0004,,,,WTMP_0004: Unable to open /var/log/btmp file. BTMP Collector will not collect any events.

Environment

Release : 6.9.1

Component :

Cause

Warning found in "/opt/Symantec/sdcssagent/IDS/log/SISIDSService.log"

 WARNING Process Event Module PE_0105: Used Disk Space greater than 97%. Event logging stopped.

Running the command df -H confirmed that the available disk space had dropped below 95%, which is the default set in the "Default Common Parameters" under the Logging tab in the java console

 

Resolution

Free up disk space, expand the drive size, or set the policy to allow a higher percentage of disk space used before shutting down operations

Powered by Wolken Software