Symantec Linux Agent Error: Skipping line 8 in /etc/audit/plugins.d/sisaudisp.conf: too long
search cancel

Symantec Linux Agent Error: Skipping line 8 in /etc/audit/plugins.d/sisaudisp.conf: too long

book

Article ID: 228396

calendar_today

Updated On:

Products

Endpoint Protection Data Center Security Monitoring Edition Data Center Security Server Data Center Security Server Advanced

Issue/Introduction

After installation of Symantec Endpoint Protection (SEP) 14.3 RU3 Linux Agent, or DCS 6.9.x Linux Agent,  you will see log entries like these in messages:

e.g.)

Nov 2 13:59:02 xxxx auditd[1138]: Skipping line 8 in /etc/audit/plugins.d/sisaudisp.conf: too long

Environment

  • SEP 14.3 RU3 / RU4 for Linux

  • DCS 6.9.x Agents

Cause

SEP 14.3 RU3 installer creates /etc/audit/plugins.d/sisaudisp.conf file upon installation.

e.g.)

$ cat /etc/audit/plugins.d/sisaudisp.conf
# Symantec audisp plugin

active = no
direction = out
path = /opt/Symantec/sdcssagent/IDS/bin/sisaudisp
type = always 
args = none
format = string

Its content is fine, but LF is missing at the very end:

e.g.)

$ od -tc /etc/audit/plugins.d/sisaudisp.conf
0000000 # S y m a n t e c a u d i s
0000020 p p l u g i n \n \n a c t i v e
0000040 = n o \n d i r e c t i o n
0000060 = o u t \n p a t h = / o p
0000100 t / S y m a n t e c / s d c s s
0000120 a g e n t / I D S / b i n / s i
0000140 s a u d i s p \n t y p e = a
0000160 l w a y s \n a r g s = n o
0000200 n e \n f o r m a t = s t r i
0000220 n g
0000222

Resolution

For SEP, this issue is fixed in Symantec Endpoint Protection 14.3 RU5.  For information on how to obtain the latest build of Symantec Endpoint Protection, see Download the latest version of Symantec Endpoint Protection.

For DCS, this issue is fixed in the DCS 6.9.3.22xx Agents, see DCS 6.9.3 Updates and Hotfix KB.

Work around:

To suppress log messages, append LF to sisaudisp.conf.

e.g.)

$ echo "" >> /etc/audit/plugins.d/sisaudisp.conf