Data Center Security

 View Only
  • 1.  DCS agent is online, connected to DCS server but not sending events

    Posted Mar 02, 2017 03:11 AM

    Hi

    How do I troubleshoot a DCS agent that is reporting to the DCS server and showing online, but yet no events are being sent from the agent. Somewhere the agent stopped reporting events for a week now.

    I can login to the server and run event monitor. I see events for both prevention and detection, but under the Management tab - nothing, complete blank.

    What could be the cause ? Will a re-install of the agent work? I have prevention enabled?



  • 2.  RE: DCS agent is online, connected to DCS server but not sending events

    Posted Mar 02, 2017 10:44 AM

    Create a troubleshooting version of the Common Config. Change the settings to match my screen cap. Apply it to the asset and see if it helps.

    2017-03-02 10_41_44-DCSM_LAB - Symantec Data Center Security Server 6.7.png



  • 3.  RE: DCS agent is online, connected to DCS server but not sending events
    Best Answer

    Posted Mar 02, 2017 07:56 PM

    I have seen the hidsfilepointer file become corrupt.  Try this:

    Stop the agent services, delete the %programfiles%\Symantec\Critical System Protection\Agent\IPS\hidslog1rtfilepointer file then start the services.  That file will be re-created at service start.  



  • 4.  RE: DCS agent is online, connected to DCS server but not sending events
    Best Answer

    Posted Mar 03, 2017 01:02 AM

    Thanks, customer has decided to uninstall, but the uninstall itself tool very very long .