How to make sure your Symantec Security Information Manager 4.5 sesagentd service gets restarted automatically in the event it unexpectedly unloads
Last Updated September 09, 2010
You notice that your Symantec Security Information Manager 4.5 Agent (sesagentd) service has stopped and no new events are being stored in the appliance. The agent was not stopped manually.
Symptoms You notice that new incoming events are not being stored on the appliance. When you login to the appliance either via Secure Shell (SSH) or the Dell Remote Access Card (DRAC) and execute the status command you receive the following message:
The sesagentd daemon is not currently running: Success PID ...
This confirms the sesagentd service is not running.
There an issue with the agent unloading and not restarting. This defect will be been addressed in Maintenance Release 2 (MR2). Systems prior to MR2 experiencing this issue will need to implement a work around, as described below.
The following procedure will assure the sesagentd process is restarted when it unloads. Download the attached TAR file, DO NOT unzip the file on a Windows machine. Using SCP (Secure Copy), copy the TAR file to the /tmp directory on the appliance (use BINARY mode when using SCP to transfer the file).
Log into your Symantec Security Information Manager v4.5 appliance using SSH as user db2admin or via the DRAC.
You must switch to the root user. At the command prompt, type:
su - root
Enter the root password.
Execute the following commands, one at a time, at the command prompt - pressing <ENTER>
after each command:
Note: The above command should return the string: 912db1a45b250288c513bdeb6d8fc8d4 agentcrashfix.tar If the md5sum command returns any number than that shown above, the file was not transfered properly and must be transfered again - making sure you are using BINARY mode when using SCP to transfer the file. If the above number does match, you can safely proceed.
tar -xvf agentcrashfix.tar
Note: This will create a new directory under /tmp called agentcrashfix.
killall -9 procmon
service sesagentd stop
Note: If the above command hangs for more than 30 seconds, press CTRL-C, and use the following command in lieu:
Note: It is recommended that you wait approximately 10 seconds to allow the agent to shutdown before continuing.