
Unix Filesystem Scanning

Created: 13 Nov 2012 | 2 comments
Joe Saland

I'm trying to do a Unix filesystem scan (RedHat ES 4) using 11.6. I've installed the scan tool, set up a discover target and started the target scan, then started the FileSystemScanner_Console command. Nothing seems to be happening though.

 

My console just shows:

Nov 13, 2012 1:53:07 PM com.vontu.autonomy.controller.ScannerController main
INFO: starting ScannerController with args: ./../config/ScannerController.properties
Nov 13, 2012 1:53:09 PM com.vontu.autonomy.controller.ScannerController cleanWorkingDir
INFO: cleaning working directory: /opt/FileSystemScanner/bin/Clean
Nov 13, 2012 1:53:13 PM com.vontu.autonomy.controller.ScannerController logReader
INFO:

Nov 13, 2012 1:53:15 PM com.vontu.autonomy.controller.ContentCollectorController start
INFO: starting ContentCollectorController
Nov 13, 2012 1:53:15 PM com.vontu.autonomy.controller.ProcessWrapper start
INFO: starting ProcessWrapper; command = /opt/FileSystemScanner/scanner/VontuFileSystemScanner.exe; image name = VontuFileSystemScanner.exe
 

All the processes seem to be running:

root     30458 19398  0 13:52 pts/147  00:00:00 /bin/sh /usr/local/bin/FileSystemScanner_Console
root     30504 30458  0 13:52 pts/147  00:00:00 /opt/FileSystemScanner/jre/bin/java -Dinstall4j.jvmDir=/opt/FileSystemScanner/jre -Dexe4j.moduleName=/opt/FileSystemScanner/bin/FileSystemScanner_Console -Djava.util.logging.config.file=./../config/ScannerControllerLogging.properties -Di4j.vmov=true -Di4j.vmov=true -Di4j.vmov=true -Di4j.vmov=true -Di4j.vmov=true -classpath /opt/FileSystemScanner/.install4j/i4jruntime.jar:/opt/FileSystemScanner/lib/jar/discoverconnectorcontroller.jar com.install4j.runtime.Launcher launch com.vontu.autonomy.controller.ScannerController false false   true true false  true true 0 0  20 20 Arial 0,0,0 8 500 version 11.6 20 40 Arial 0,0,0 8 500 -1 ./../config/ScannerController.properties
root     30948 30504  0 13:53 pts/147  00:00:06 /opt/FileSystemScanner/scanner/VontuFileSystemScanner.exe

I've validated that port 8090 is open and listening on the Discover server and that I can connect to it from the Red Hat box.

The scan started over 20 minutes ago and I've had no activity since. Can anyone help shed some light on this for me? Where should I be looking for why it's stalled? I don't see updates to any of the files or logs under /opt/FileSystemScanner since the scan started.


kishorilal1986

 

Hi Joe,
Please refer to the below; you will get some idea of how to resolve the issue.
 
The following remote Windows systems can be scanned:
■ Windows 2000
■ Windows 2003, 32-bit
■ Windows XP, 32-bit
The following Linux file systems can be scanned:
■ x86 32-bit, Red Hat Enterprise Linux AS 4
 

 

File systems on UNIX systems can also be scanned using the SFTP protocol. This
protocol provides a method similar to share-based file scanning, instead of using
the File System Scanner. Contact Symantec Professional Services for details.
 
The File System Scanner must be installed on the computer with the file system
you want to scan.
On Linux, AIX, and Solaris, the root user must install the scanner. If a user other than the one who installed the scanner wants to run it, permissions must be changed. On Linux, AIX, and Solaris, appropriate permissions must be given to the directories and files.

To install the file system scanner

1 On the computer with the file system to scan, download or copy (as binary) the relevant installation file to a temporary directory. The file is located in the DLPDownloadHome\Symantec_DLP_11_Win\Scanners or DLPDownloadHome/Symantec_DLP_11_Lin/Scanners directory, where DLPDownloadHome is the name of the directory in which you unzipped the Symantec Data Loss Prevention software. The file is one of the following file names:

■ FileSystemScanner_Unix_11.0.sh (for Linux systems)

 

joydeep

Hi All,

I am basically facing the same issue while scanning AIX and HPUX boxes using the DLP scanner solution.

The DLP 11.6.1 Admin guide clearly states
"File systems on UNIX systems can also be scanned using the SFTP protocol. This protocol provides a method similar to share-based file scanning, instead of using the File System Scanner. Contact Symantec Professional Services for details."

But there is no documentation available to get this done. SFTP is the most basic and commonly used method of file access and Symantec should be helping their customers to get this implemented.
Any help in this regard will be appreciated.