After install on a Linux or a Unix system the IPS and IPS Util service is not running.
search cancel

After install on a Linux or a Unix system the IPS and IPS Util service is not running.

book

Article ID: 163248

calendar_today

Updated On:

Products

Embedded Security Critical System Protection Critical System Protection Data Center Security Monitoring Edition Data Center Security Server Critical System Protection Client Edition Data Center Security Server Advanced Cloud Workload Protection

Issue/Introduction

The agent installed but there is a "Error 7 Starting IPS Agent" the IPS and IPS Util daemons are not running on the agent.

Here is the exact error string "Error 7 Starting IPS Agent". Also you will notice that there is no sisipsdaemon.log file present on the agent. 

Cause

Some customers may change the permissions on the /var/log directory which can result in the daemon not being able to create or write to it's log file sisipsdaemon.log so it will not start. 

Resolution

If the customer has a similar system that is working they should compare and mimic those permissions. If there is not a health system for them to check you can use this example. 

In most cases support finds that they have some like this:

Existing permissions on non working system on /var/log : drwSr-S--t
Changed the permissions on /var/log to                 : drwSr-Sr-t

others(o) should have read and execute permissions on /var/log.

Also you can use the following steps to check if this is related the incomplete libraries by doing the following:

1) su - sisips

2) run the daemon binary manually - /opt/Symantec/sdcssagent/IPS/bin/sisipsdaemon

 and check if there are any errors displayed on terminal. Send the output as seen on terminal if daemon does not start.

3) open other putty terminal and check if sisipsdaemon is running.

If the daemon does not start, then compare output of id command after doing su - sisips on the two systems (one on which daemon does not start and other on which it starts and both the systems have same permissions on /var/log).