sisips-init.service failed yet Daemons and Modules operational for status.sh
search cancel

sisips-init.service failed yet Daemons and Modules operational for status.sh

book

Article ID: 258849

calendar_today

Updated On:

Products

Endpoint Security

Issue/Introduction

Sisips-init shows failure:

root@vsyslog:/usr/lib/symantec # systemctl status sisips-init
‚óŹ sisips-init.service - Symantec Agent for Linux IPS driver
   Loaded: loaded (/etc/systemd/system/sisips-init.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Mon 2023-01-30 13:56:17 CET; 1min 31s ago
  Process: 858 ExecStart=/etc/init.d/sisips.init start (code=exited, status=1/FAILURE)
 Main PID: 858 (code=exited, status=1/FAILURE)

Jan 30 13:56:17 vsyslog systemd[1]: sisips-init.service: Main process exited, code=exited, status=1/FAILURE
Jan 30 13:56:17 vsyslog systemd[1]: sisips-init.service: Failed with result 'exit-code'.
Jan 30 13:56:17 vsyslog systemd[1]: Failed to start Symantec Agent for Linux IPS driver.

But status.sh command displays all daemons as running and all modules as loaded:

Symantec Agent for Linux
Symantec Endpoint Protection (SEPM) 14.3.3075.5000

Daemon status:
  cafagent             running
  sisamdagent          running
  sisidsagent          running
  sisipsagent          running

Module status:
  sisevt               loaded
  sisap                loaded

Resolution

Sisips-init.service is not a service that runs all the time. If you start the service manually and check it with systemctl status, it will be:

 

"Active: failed"

 

This is expected behavior and does not indicate issues with SEP agent.

 

Execute /usr/lib/symantec/status.sh (or view agent_status file in the logs) to check the status of each Daemon and Module, and confirm that it is running and loaded normally.