Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

ceh segfault errors on the Network Monitor server

Created: 07 Dec 2012 • Updated: 28 Dec 2012 | 1 comment
Artem's picture
This issue has been solved. See solution.

Hello,

Used version of Symantec DLP: 11.5
The system has the Network Monitor server installed on the Red Hat Enterprise Linux Server release 5.6.
The system works correctly, but the file /var/log/messages of the Network Monitor server contents following errors:

Dec 27 15:02:01 dlp-netmon kernel: ceh[15299]: segfault at 0000000000000000 rip 00002aaac03267be rsp 0000000040fe0390 error 4
Dec 27 15:02:02 dlp-netmon kernel: ceh[15397]: segfault at 0000000000000000 rip 00002aaac460e7be rsp 000000004515d390 error 4
Dec 27 15:02:02 dlp-netmon kernel: ceh[15408]: segfault at 0000000000000000 rip 00002aaac850d7be rsp 00000000446f0390 error 4

At the same time the file ContentExtractionHost_FileReader.log contens:

12/27/12 15:02:01 | INFO  | cehost | main [15389] | [195744096] | CEHErrorReporting flag is disabled | CEHostProcess.cpp (87)
12/27/12 15:02:01 | INFO  | cehost | Verity [15389] | [1106618688] | Input CharSet : UTF-8 | VerityImpl.c (123)
12/27/12 15:02:01 | INFO  | cehost | Verity [15389] | [1106618688] | Plugin Initialized | VerityImpl.c (138)
12/27/12 15:02:02 | INFO  | cehost | main [15400] | [904126816] | CEHErrorReporting flag is disabled | CEHostProcess.cpp (87)
12/27/12 15:02:02 | INFO  | cehost | Verity [15400] | [1095686464] | Input CharSet : UTF-8 | VerityImpl.c (123)
12/27/12 15:02:02 | INFO  | cehost | Verity [15400] | [1095686464] | Plugin Initialized | VerityImpl.c (138)
12/27/12 15:02:02 | INFO  | cehost | main [15411] | [3383886176] | CEHErrorReporting flag is disabled | CEHostProcess.cpp (87)
12/27/12 15:02:02 | INFO  | cehost | Verity [15411] | [1116948800] | Input CharSet : UTF-8 | VerityImpl.c (123)
12/27/12 15:02:02 | INFO  | cehost | Verity [15411] | [1116948800] | Plugin Initialized | VerityImpl.c (138)

And the file /var/log/Vontu/debug/ContentExtractionAPI_FileReader.log contents:

12/27/12 15:02:01 | INFO  | ceapi | HostManager [15227] | [1152522560] | Received broken pipe message. The Host process has terminated. | HostManager.cpp (373)
12/27/12 15:02:01 | WARN  | ceapi | HostManager [15227] | [1152522560] | Host (id 15288) has terminated abruptly. Error - OS Error: 0 | HostManager.cpp (240)
12/27/12 15:02:01 | INFO  | ceapi | HostManager [15227] | [1152522560] | The host process exited with the exit code 0 | HostManager.cpp (212)
12/27/12 15:02:01 | INFO  | ceapi | HostManager [15227] | [1152522560] | Launched a new host process, id: 15389 | HostManager.cpp (97)
12/27/12 15:02:02 | INFO  | ceapi | HostManager [15227] | [1177749824] | Received broken pipe message. The Host process has terminated. | HostManager.cpp (373)
12/27/12 15:02:02 | WARN  | ceapi | HostManager [15227] | [1177749824] | Host (id 15389) has terminated abruptly. Error - OS Error: 0 | HostManager.cpp (240)
12/27/12 15:02:02 | INFO  | ceapi | HostManager [15227] | [1177749824] | The host process exited with the exit code 0 | HostManager.cpp (212)
12/27/12 15:02:02 | INFO  | ceapi | HostManager [15227] | [1177749824] | Launched a new host process, id: 15400 | HostManager.cpp (97)
12/27/12 15:02:02 | INFO  | ceapi | HostManager [15227] | [1152522560] | Received broken pipe message. The Host process has terminated. | HostManager.cpp (373)
12/27/12 15:02:02 | WARN  | ceapi | HostManager [15227] | [1152522560] | Host (id 15400) has terminated abruptly. Error - OS Error: 0 | HostManager.cpp (240)
12/27/12 15:02:02 | INFO  | ceapi | HostManager [15227] | [1152522560] | The host process exited with the exit code 0 | HostManager.cpp (212)
12/27/12 15:02:02 | INFO  | ceapi | HostManager [15227] | [1152522560] | Launched a new host process, id: 15411 | HostManager.cpp (97)
12/27/12 15:02:02 | WARN  | ceapi | ContentExtractor [15227] | [1159891264] | SessionClosedException occured, Exception thrown from : FileTypeIdentifierImpl.cpp(135) | FileTypeIdentifierImpl.cpp (72)

Does someone have same errors? How can it be corrected?

 

---
Best regards, Artem.

Comments 1 CommentJump to latest comment

Artem's picture

I received solution from Symantec DLP Support:

This is a known issue and you might want to consider upgrading to 11.5.1 and then apply an hotifx for the same.

Or you can also upgrade to 11.6.1 which has the hotfix already in the upgrade patch.

I updated the Symantec DLP system to version 11.6.1 and errors were no more.

 

---
Best regards, Artem.

SOLUTION