14.6 Issues on Security Agent for UNIX

14.6.1 Unable to Connect to Port

Issue: Security Agent for UNIX is not able to connect to port 8094.

Workaround: Check whether the port 8094 is running:

netstat -an | grep 8094

14.6.2 Unable to Run the Services

Issue: Security Agent for UNIX services are not running.

Workaround:

  1. Check if the detectd and auditd services are running:

    ps -ef | grep "detect"

    ps -ef | grep "auditd"

  2. (Conditional) If the services are not running, restart the following services:

    1. Restart vigilentagent service:

      ./vigilentagent.rc restart

    2. Go to the - /usr/netiq/pssetup directory and run the following command:

      ./detectd.rc restart

    3. Restart auditd service:

      service auditd restart

14.6.3 Policies Are Not Applied to the Agent

Issue: The policies are not applied to the Security Agent after it is assigned using Policy Editor.

Workaround: To verify whether the policies are applied to the agent after they are assigned in Policy Editor, check if the <rule>.xml file is created in the computer in the following directory:

/usr/netiq/vsau/etc/detectd.d/groups/<platformauditobject>/rules/

14.6.4 Events are not Generated After Configuring Security Agent for UNIX

Issue: Security Agent for UNIX fails to send events to the Change Guardian Server if the locale setting is incorrect. (Bug 1102111)

Workaround: Ensure that the following is set:

  1. The path is set at the operating system: SET_PERL_LIBPATH=1; ./etc/vsaunix.cfg

  2. The locale variables are added to the /etc/profile file:

    • export LC_CTYPE=en_US.UTF-8

    • export LC_ALL=en_US.UTF-8

14.6.5 Cannot Browse User While Creating Policies

Issue: User Browse option does not work while creating policies using Policy Editor.

Workaround: To enable browsing for UNIX data sources while creating a policy, the computer where you install the Policy Editor must have a Change Guardian Agent for Windows. If you do not install an agent on the machine running Policy Editor, you must manually enter the data source paths while creating a policy.

To enter the data source paths:

  1. (Conditional) If your operating system is 32-bit, in the registry \HKLM\Software\NetIQ\ChangeGuardianAgent\repositoryEnabled set the repositoryEnabled flag to 1.

  2. (Conditional) If your operating system is 64-bit, in the registry \HKLM\SOFTWARE\Wow6432Node\NetIQ\ChangeGuardianAgent\repositoryEnabled set the repositoryEnabled flag to 1.

  3. Restart the Change Guardian Agent for Windows.

14.6.6 Collecting Agent Logs

You can use Agent Manger to collect logs from Security Agent for UNIX. You must install the agent using Agent Manager to be able to collect the agent logs.

You cannot set debug levels to agent log collection. The logs are collected based on whatever debug level is set in the agent.

To collect agent logs:

  1. In Agent Manager, select the agent under All Assets.

  2. Click Manage Installation > Collect Agent Logs > Start Log Collection.

  3. In the Completed Tasks tab, click Download Agent Logs.

    NOTE:You can download a log only once. For an agent, you can download the log that you collected last. The previously collected logs are overwritten every time you click Collect Agent Logs for that agent.