After you install and configure the Remote Importer utility on a Symantec Network Security 7100 Series appliance or a Symantec Network Security 4.0 node, the console stops displaying new events and incidents. It appears as though incidents and events disappear from the console after a few minutes. You also cannot generate reports. Restarting the computer does not fix the problem.
This problem happens because the Remote Importer agent restarts the Eventwriterd file. To temporarily fix this problem, restart the Symantec Network Security services. The problem is fixed until you restart the computer.
To prevent this problem, edit the startup script, which is the /usr/SNS/etc/init.d/manhunt file, to add the -P show parameter to the Eventwriterd entry. When Eventwriterd starts with this parameter, the Remote Importer does not restart Eventwriterd.
In the /usr/SNS/etc/init.d/manhunt file, find the following line:
Technical Information Though Symantec ManHunt does not exhibit this problem in the same way as Symantec Network Security, restarting the ManHunt services temporarily re-enables ManHunt, and adding the -P show parameter to Eventwriterd prevents related problems.
The Remote Importer agent forwards data from Symantec Network Security to the Symantec Security Operations Center (SOC). Data from SOC is used by Symantec Managed Services.
This is machine translated content
Login to Subscribe
Please login to set up your subscription.
Didn't find the article you were looking for? Try these resources.