Manually deleting the DCS Linux standard and docker agent event logs

Article ID: 259699


Products

Data Center Security Server Advanced

Issue/Introduction

Steps are needed to remove the DCS Linux agent event files for the standard and Docker agents.

Environment

Release: 6.8.x & 6.9.x

Component: DCS Linux Agent

Cause

A backlog of DCS event logs on the agent is preventing the purge from working, so the logs need to be deleted manually.

Resolution

Docker events are stored in the same log files as standard agent logs.

The logs can be deleted manually from the agent machine.

Follow the steps below to delete the event files:

1. Apply a null IPS policy to the agent (you need to be logged in as root).

2. Stop the services using the command below:

systemctl stop sisipsdaemon sisidsdaemon

3. Delete the CSV files from the DCS Agent Log directory (../Agent/sdcsslog).

4. Delete the pointer file using the command below:

rm -f /opt/Symantec/sdcssagent/IPS/hidslog1rtfilepointer*

5. Start the services using the command below:

systemctl start sisidsdaemon sisipsdaemon
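
Steps 2 to 5 as a guarded shell function, added here as an example and not taken from the vendor article. It refuses to delete anything while either daemon is still active or when the path is not an sdcsslog directory. The function names, the `SYSTEMCTL` and `POINTER_PREFIX` overrides, and the choice to treat only top-level `*.csv` files as event files are assumptions.

```shell
# Added example, not vendor code. Step 1 (null IPS policy) must already be applied.
# Assumptions: the operator passes the log directory (the article gives only
# ../Agent/sdcsslog); SYSTEMCTL and POINTER_PREFIX are overridable so the
# function can be rehearsed on a scratch directory; only top-level *.csv
# files are treated as event files.
SYSTEMCTL="${SYSTEMCTL:-systemctl}"
POINTER_PREFIX="${POINTER_PREFIX:-/opt/Symantec/sdcssagent/IPS/hidslog1rtfilepointer}"
SERVICES="sisipsdaemon sisidsdaemon"

# Steps 3-4 with guards; prints the number of CSV files removed.
purge_dcs_events() {
    local log_dir="${1%/}" svc count
    # Guard: only operate on a directory named sdcsslog.
    case "$log_dir" in
        */sdcsslog) ;;
        *) echo "refusing: '$log_dir' is not an sdcsslog directory" >&2; return 2 ;;
    esac
    [ -d "$log_dir" ] || { echo "no such directory: $log_dir" >&2; return 2; }
    # Guard: step 2 must have completed, never delete under a running daemon.
    for svc in $SERVICES; do
        if "$SYSTEMCTL" is-active --quiet "$svc"; then
            echo "refusing: $svc is still active" >&2
            return 3
        fi
    done
    # Step 3: regular *.csv files in the directory itself, no recursion.
    count=$(find "$log_dir" -maxdepth 1 -type f -name '*.csv' | wc -l)
    find "$log_dir" -maxdepth 1 -type f -name '*.csv' -delete
    # Step 4: pointer file(s), same pattern as the article's rm command.
    rm -f "$POINTER_PREFIX"*
    echo "$((count))"
}

# Steps 2-5 in order; the daemons are restarted only if the purge succeeded,
# so a refused purge leaves them stopped for the operator to inspect.
dcs_purge_procedure() {
    "$SYSTEMCTL" stop $SERVICES || return 1
    purge_dcs_events "$1" || return $?
    "$SYSTEMCTL" start sisidsdaemon sisipsdaemon
}
```

Source the file as root and call `dcs_purge_procedure` with the full path of the agent's sdcsslog directory.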