11.3 Issues on Change Guardian Agent for UNIX

11.3.1 Agent Not Listed After Installation

Issue: After a successful installation of the UNIX Agent, the agent is not listed on the Agent Health page.

Workaround: Reconfigure the agent through Agent Manager.

11.3.2 Unable to Connect to Port

Issue: Change Guardian Agent for UNIX is not able to connect to port 8094.

Workaround: Check whether port 8094 is open:

netstat -an | grep 8094

11.3.3 Unable to Run the Services

Issue: Change Guardian Agent for UNIX services are not running.

Workaround:

  1. Check if the detectd and auditd services are running:

    ps -ef | grep "detect"

    ps -ef | grep "auditd"

  2. (Conditional) If the services are not running, restart the following services:

    1. Restart the auditd service:

      service auditd restart

    2. Go to the /usr/netiq/pssetup directory and run the following command:

      ./detectd.rc restart

    3. Restart the vigilentagent service:

      ./vigilentagent.rc restart

11.3.4 Policies Are Not Applied to the Agent

Issue: The policies are not applied to the Change Guardian Agent for UNIX after they are assigned using Policy Editor.

Workaround: To verify whether the policies are applied to the agent after they are assigned in Policy Editor, check whether the <rule>.xml file has been created on the computer in the following directory:

/usr/netiq/vsau/etc/detectd.d/groups/<platformauditobject>/rules/

11.3.5 Events Are Not Generated After Configuring Change Guardian Agent for UNIX

Issue: Change Guardian Agent for UNIX fails to send events to the Change Guardian Server if the locale setting is incorrect. (Bug 1102111)

Workaround: Ensure that the following is set:

  1. The path is set at the operating system: SET_PERL_LIBPATH=1; ./etc/vsaunix.cfg

  2. The locale variables are added to the /etc/profile file:

    • export LC_CTYPE=en_US.UTF-8

    • export LC_ALL=en_US.UTF-8
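The checks in 11.3.4 and 11.3.5 can be scripted. The following shell script is an added example, not part of the product or its documentation: it counts the rule .xml files under each <platformauditobject> directory and confirms that /etc/profile exports both locale variables. The function names and the GROUPS_DIR and PROFILE override variables are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not vendor code): read-only checks for 11.3.4 and 11.3.5.
# Paths and locale values come from this page; function names are hypothetical.

GROUPS_DIR="${GROUPS_DIR:-/usr/netiq/vsau/etc/detectd.d/groups}"
PROFILE="${PROFILE:-/etc/profile}"

# Print "<platformauditobject> <number of rule .xml files>" for each group.
# Returns 2 if the groups directory itself is missing.
count_rules() {
    root="$1"
    [ -d "$root" ] || return 2
    for group in "$root"/*/; do
        [ -d "$group" ] || continue            # glob matched nothing
        n=0
        for rule in "$group"rules/*.xml; do
            # -f is false for the unexpanded glob when no .xml file exists
            if [ -f "$rule" ]; then n=$((n + 1)); fi
        done
        printf '%s %s\n' "$(basename "$group")" "$n"
    done
}

# Succeed only if the profile exports LC_CTYPE and LC_ALL as en_US.UTF-8.
# Commented-out lines do not count; optional quotes around the value do.
locale_ok() {
    profile="$1"
    for var in LC_CTYPE LC_ALL; do
        grep -Eq "^[[:space:]]*export[[:space:]]+$var=[\"']?en_US\.UTF-8[\"']?[[:space:]]*\$" \
            "$profile" 2>/dev/null || return 1
    done
}

report() {
    if out=$(count_rules "$GROUPS_DIR"); then
        printf '%s\n' "${out:-no platform audit object directories found}"
    else
        echo "missing: $GROUPS_DIR"
    fi
    if locale_ok "$PROFILE"; then
        echo "locale: ok"
    else
        echo "locale: LC_CTYPE/LC_ALL not exported as en_US.UTF-8 in $PROFILE"
    fi
}

# Run the checks only when asked, so the functions can also be sourced.
if [ "${1:-}" = "--report" ]; then report; fi
```

A count of 0 for a platform audit object means no rule file has reached that directory yet.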

11.3.6 Collecting Agent Logs

You can use Agent Manager to collect logs from Change Guardian Agent for UNIX. You must install the agent using Agent Manager to be able to collect the agent logs.

You cannot set debug levels for agent log collection. The logs are collected based on whatever debug level is set in the agent.

To collect agent logs:

  1. In Agent Manager, select the agent under All Assets.

  2. Click Manage Installation > Collect Agent Logs > Start Log Collection.

  3. In the Completed Tasks tab, click Download Agent Logs.

    NOTE: You can download a log only once. For an agent, you can download the log that you collected last. The previously collected logs are overwritten every time you click Collect Agent Logs for that agent.