Hello all,
We have a Linux deployment of DLP v14, where for all intents and purposes the Enforce server seems to be running properly. The Enforce server is running the Enforce console and the Oracle database. There will be detection servers on their own Linux server connecting back to the Enforce server.
As I said, the installation of the Oracle and Enforce software completed successfully and they seem to be running properly.
The first detection server installed was the Network Discovery. The install completed properly, and the VontuMonitor and VontuUpdate services start after a reboot or when manually restarted. Our problem is, the filereader does not start. It attempts to and keeps failing.
Both the Enforce and Network Discovery servers are running firewalls to "hide" the ability to VNC into them and force the use of VNC tunneling through SSH. On the Network Discovery server, port 8100 is open (nmap scans show it to be open and available). And the Network Discovery server was successfully added to the Enforce GUI. Wireshark was run on both servers at the same time to check the communications between the servers and traffic was seen flowing between the Enforce and Network Discovery on port 8100 (pcaps available if needed). The directories SymantecDLP in /opt, /var, and /var/log have been chowned to protect:protect.
Here is how the user and group protect are set up:
[root@xxxx]# grep protect /etc/passwd
protect:x:1001:1001::/home/protect:/bin/bash
[root@xxxx]# grep protect /etc/group
protect:x:1001:
[root@xxxx]#
The filereader on the Network Discovery server just will not start.
Anyone have a fix?
Attached is the section of the FileReader0.log from the Network Discovery server showing an attempt to start the filereader.