Packet Capture fails to start on Network Monitors after rolling back from DLP 16 MP1- to DLP 16 GA
search cancel

Packet Capture fails to start on Network Monitors after rolling back from DLP 16 MP1- to DLP 16 GA

book

Article ID: 262777

calendar_today

Updated On:

Products

Data Loss Prevention Network Monitor and Prevent for Email and Web Data Loss Prevention Data Loss Prevention Data Loss Prevention Core Package Data Loss Prevention Network Protect

Issue/Introduction

The process "Packet Capture" fails to start in Network Monitorsafter rolling back from DLP 16 MP1- to DLP 16 GA 

 

Environment

Release : DLP 16.X 

Cause

incorrect ownership of files

Resolution

Need to verify and  change ownership in the environment if needed: 

On an upgraded system, ensure the version-specific upgrade root script was run from the correct location per the DLP Upgrade Guide for Linux.

If the upgrade was done as the root user and not protect, change the owner and permissions of the file "/opt/Vontu/Protect/bin/PacketCapture" with the following 2 commands and restart the services:

  • chown root:protect PacketCapture
  • chmod 6755 PacketCapture

 

In DLP 16.0+ You must also chown PacketCaptureLauncher and PacketCaptureLoaderArguments.conf

  • chown root:protect PacketCaptureLauncher
  • chown root:protect PacketCaptureLoaderArguments.conf

In the Protect/bin directory, all executables should be set to 750 , except for PacketCaptureLauncher which should be 4750.
The defaults will be corrected in a future release. 

NOTE:  It is recommended to reinstall any Linux detection server that has been upgraded improperly as the root user to ensure successful upgrades in the future.

Powered by Wolken Software