search cancel

IPS translate command fails to generate the trans file due to an IPS exit code of 200


Article ID: 243342


Updated On:


Data Center Security Server Advanced


The IPS translate command failed to generate the trans file which resulted in the process automatically setting the policy to "Built-in"

The root cause seemed to be a mystery error seen in the logs as follows:

nb-appliance:/home/maintenance # grep 239803 /tmp/409.log
05/17/2022 01:02:34.439 [Info] [239803] COMMAND_BEGIN(64): /opt/NBUAppliance/scripts/scsp/ -r /opt/scsp -c
05/17/2022 01:02:34.943 [Info] [239803] Log Message :stop sisipsagent
05/17/2022 01:02:36.423 [Info] [239803] Log Message :stop sisipsutil
05/17/2022 01:02:36.582 [Info] [239803] Log Message :stop sisidsagent
05/17/2022 01:02:44.086 [Info] [239803] Log Message :Copied /opt/NBUAppliance/scripts/scsp/IDS/agent.ini to /opt/Symantec/sdcssagent/IDS/system/agent.ini
05/17/2022 01:02:44.095 [Info] [239803] Log Message :Copied /opt/NBUAppliance/scripts/scsp/IPS/agent.ini to /etc/sisips/agent.ini
05/17/2022 01:02:44.104 [Info] [239803] Log Message :Copied /opt/NBUAppliance/scripts/scsp/IPS/fallback.ini to /etc/sisips/fallback.ini
05/17/2022 01:02:44.114 [Info] [239803] Log Message :Copied /opt/NBUAppliance/scripts/scsp/IPS/sisips.reg to /etc/sisips/sisips.reg
05/17/2022 01:02:44.123 [Info] [239803] Log Message :Copied /opt/NBUAppliance/scripts/scsp/IPS/ to /etc/sisips/
05/17/2022 01:02:44.135 [Info] [239803] Log Message :Copied /opt/NBUAppliance/scripts/scsp/IPS/ to /etc/sisips/
05/17/2022 01:02:49.222 [Info] [239803] Log Message :Before translating the IPS policy
05/17/2022 01:02:49.234 [Info] [239803] Log Message :File: found
05/17/2022 01:02:59.728 [Info] [239803] Log Message :Failed to translate the IPS policy.Exit Code : 200
05/17/2022 01:03:00.845 [Info] [239803] Log Message :start sisipsagent
05/17/2022 01:03:01.096 [Info] [239803] Log Message :start sisipsutil
05/17/2022 01:03:01.249 [Info] [239803] Log Message :start sisidsagent
05/17/2022 01:03:01.713 [Info] [239803] Log Message :Enabled trace for Symantec Data Center Security (SDCS)
05/17/2022 01:03:01.724 [Info] [239803] COMMAND_END(64): /opt/NBUAppliance/scripts/scsp/


Release : 6.9.1



Knowing where to start looking for the root cause is always the difficult part.  In this case reverences to the is where it started.

After executing the translate command manually, and it failed-- an examination of the corresponding file "unmanaged_prevention_policy.confShowed that there was an error indicating that a certain ID or group could not be looked up. Also a search through the file "\log\sdcsslog\translate_strace.out " contained the following:

lstat("/home/wcatusers", 0x7ffc7982e020)  = -1 ENOENT (No such file or directory)

The policy, as delivered specified an account or group through which the action could be performed. No such group named wcatusers was found on the system (in this case Linux).


Creating the group wcatusers on the local Linux system allowed the translation to complete without failing since the user/group existed.