Date post: 09-Mar-2018
Symantec™ Event Agent 4.7 Release Notes


Legal Notice

Copyright © 2009 Symantec Corporation. All rights reserved.

Symantec, the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

This Symantec product may contain third party software for which Symantec is required to provide attribution to the third party (“Third Party Programs”). Some of the Third Party Programs are available under open source or free software licenses. The License Agreement accompanying the Software does not alter any rights or obligations you may have under those open source or free software licenses. Please see the Third Party Legal Notice Appendix to this Documentation or TPIP ReadMe File accompanying this Symantec product for more information on the Third Party Programs.

The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Symantec Corporation and its licensors, if any.

THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.

The Licensed Software and Documentation are deemed to be commercial computer software as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19 "Commercial Computer Software - Restricted Rights" and DFARS 227.7202, "Rights in Commercial Computer Software or Commercial Computer Software Documentation", as applicable, and any successor regulations. Any use, modification, reproduction release, performance, display or disclosure of the Licensed Software and Documentation by the U.S. Government shall be solely in accordance with the terms of this Agreement.


Symantec Corporation
20330 Stevens Creek Blvd.
Cupertino, CA 95014

http://www.symantec.com

Printed in the United States of America.


Contents

Chapter 1 Event Agent overview
    Overview
    Supported platforms

Chapter 2 Installing and uninstalling the Event Agent
    Preinstallation requirements
    Installing the Event Agent
        Installing the Event Agent on Windows
        Installing the Event Agent on Solaris
        Installing the Event Agent on Linux
    Uninstalling the Event Agent
        Uninstalling the Event Agent on Windows
        Uninstalling the Event Agent on Linux and Solaris

Chapter 3 Managing the Event Agent
    Event Agent Management with agentmgmt.bat utility

Chapter 4 Enhancements
    Improved performance by option to enable or disable encryption
    Failure notification and automated restart in Windows
    Individual queue file size now configurable
    Uninstallation through the Add or Remove Programs applet in Windows
    Event Agent Data Bandwidth Management now possible

Chapter 5 Resolved Issues
    Event Agent failure at full utilization of memory and disk allocation
    Event Agent Installation Summary report
    Event Agent installation failure logging
    Event Agent installer now accepts third-party certificates
    Vulnerability issues addressed
    Event Agent unable to pull SSL Certificate from the Manager in case of Turkish locale setting
    Event Agent Installation issues on Windows
    Installation issues on Linux and Solaris

Chapter 1 Event Agent overview

This chapter includes the following topics:

■ Overview

■ Supported platforms

Overview

The Symantec Event Agent 4.7 release for the SSIM has several new features to enhance performance and stability. It now supports Windows Vista, Windows Server 2008, Red Hat Enterprise Linux 5.0 and Solaris 10. Better agent management is now possible with features to manage transport bandwidth and queue configuration. Symantec Event Agent 4.7 is compatible with Symantec Security Information Manager (SSIM) versions 4.5 and 4.6.

Supported platforms

Table 1-1 presents a list of the supported platforms and operating systems:

Table 1-1 Supported platforms and operating systems

Platform: Microsoft
Operating systems:

■ Windows® XP Professional

■ Windows® 2000 Professional

■ Windows® 2000 Server

■ Windows® 2000 Advanced Server

■ Windows® 2003 Standard Server (32-bit)

■ Windows® 2003 Enterprise Server (32-bit)

■ Windows® 2003 Enterprise Server (64-bit)

■ Windows® Vista Ultimate

■ Windows® Server 2008 Standard Edition (x86)

■ Windows® Server 2008 Standard Edition (x64)

■ Windows® Server 2008 Enterprise Edition (x86)

■ Windows® Server 2008 Enterprise Edition (x64)

Platform: Linux
Operating systems:

■ Red Hat® Enterprise Linux AS 4.0

■ Red Hat® Enterprise Linux ES 4.0

■ Red Hat® Enterprise Linux 5.0 Advanced platform

■ Red Hat® Enterprise Linux 5.0 Server

Platform: Solaris
Operating systems:

■ Solaris™ 9 (SPARC)

■ Solaris™ 10 (SPARC)

Platform: Virtual machines
Operating systems:

■ VMWare ESX 3.5

Chapter 2 Installing and uninstalling the Event Agent

This chapter includes the following topics:

■ Preinstallation requirements

■ Installing the Event Agent

■ Uninstalling the Event Agent

Preinstallation requirements

The prerequisites for installing the Symantec Event Agent 4.7 are as follows:

■ The hostname should be resolvable from the computer on which you want to install Symantec Event Agent 4.7.

■ The install process stops if any previous installations of the Event Agent are detected. You must uninstall all previous versions of the Event Agent to continue.

Note: You can only upgrade off-box Agents with this release. You cannot upgrade on-box Agents using this release.

Installing the Event Agent

You can install the Event Agent on the following platforms:

■ Windows
See “Installing the Event Agent on Windows”.

■ Solaris
See “Installing the Event Agent on Solaris”.

■ Linux
See “Installing the Event Agent on Linux”.

Installing the Event Agent on Windows

To install the Event Agent on Windows

1 Download the installation file for Windows and the corresponding md5 file from the Download page of the Web configuration interface.

2 Verify the integrity of the downloaded installation file using the downloaded md5 file.

3 Click on the install.exe file to start the installation process and then click Next.

4 The Choose Install folder panel displays.

The installation process stops if any previous installations are detected. You can continue only after the detected installation is removed.

See “Uninstalling the Event Agent”.

5 Browse and select the destination folder for the installation files or retain the default folder and click Next.

6 Enter the IP address or host name of the SSIM server when prompted. Ensure that you check the option box for Run Connection and communication tests during installation and then click Next.

7 The connection to the appliance is checked. On a successful connection to the appliance, a Connectivity Test was successful message is displayed.

In case the connection is not successful, check the connectivity and try again. Click Next to continue.

The panel to install a 3rd Party CA root certificate displays.

8 Click Next to continue. If you want to install a third-party CA root certificate, enable the option box for installing the third-party CA root certificate and then click Next.

9 Click the Choose option and browse to the folder that contains the certificate.

A list of available certificates in that folder is displayed.

10 Select the required certificate and then click Next.

The Pre-Installation Summary panel displays the product name, installation folder, the SSIM server IP address and the disk space information.

11 Click Install. The Verify Agent communications panel displays.

12 Click Next to continue. The Install Complete panel displays with the installation folder.

See “Event Agent Installation issues on Windows”.

Installing the Event Agent on Solaris

To install the Event Agent on Solaris

1 Connect to the appliance using an account with administrative privileges either by using an SSH client or by logging on locally. You must log on as root to install the Event Agent.

2 Download the following files to the /tmp folder from the download links for Solaris Client. The download links are found on the download page of the thin client of the SSIM appliance.

symevtagent_solaris_r4.7.0.0xx.md5sum and symevtagent_solaris_r4.7.0.0xx.tar.gz

Note: xx should be replaced with the build number of the release.

You must use binary mode when transferring the files to the appliance. Some FTP utilities use ASCII mode by default, which corrupts the installation file.

3 Verify the integrity of the downloaded .tar file by using md5sum.

Note: Both the .md5sum and .gz files must be present in the same directory for md5sum to execute correctly. For more information on md5sum, see the man pages.

4 To unpack the Event Agent 4.7 release, execute the commands:

gunzip symevtagent_solaris_r4.7.0.0xx.tar.gz

tar -xvf symevtagent_solaris_r4.7.0.0xx.tar

Note: xx should be replaced with the build number of the release.

This command creates an Agent directory and unpacks the installation file to it.

5 Change directories to the Event Agent 4.7 release folder as shown:

cd Agent

6 Execute the following command:

sh install.sh

The installation process stops if any previous installations are detected. You can continue only after the detected installation is removed.

See “Uninstalling the Event Agent”.

7 Enter the destination folder path or accept the default path to continue when prompted.

8 Enter the IP address or hostname of the SSIM server when prompted. The connection to the SSIM appliance is checked and a message is displayed if the connection is successful.

9 If you want to install third-party CA root certificates, enter the path for the folder that contains the certificates when prompted.

See “Installation issues on Linux and Solaris”.

Installing the Event Agent on Linux

To install the Event Agent on Linux

1 Connect to the appliance using an account with administrative privileges either by using an SSH client or by logging on locally. You must log on as root to install the Event Agent.

2 Download the following files to the /tmp folder from the download links for Linux Client. The download links are found on the download page of the Web configuration interface of the SSIM.

symevtagent_linux_r4.7.0.0xx.tar.gz and symevtagent_linux_r4.7.0.0xx.md5sum

Note: xx should be replaced with the build number of the release.

Use binary mode to transfer the files to the appliance. Some FTP utilities use ASCII mode by default, which corrupts the installation file.

3 Verify the integrity of the downloaded .tar file by using md5sum.

Note: Both the .md5sum and .gz files must be present in the same directory for md5sum to execute correctly. For more information on md5sum, see the man pages.

4 Unpack the Event Agent 4.7 release by executing the following commands:

gunzip symevtagent_linux_r4.7.0.0xx.tar.gz

tar -xvf symevtagent_linux_r4.7.0.0xx.tar

Note: xx should be replaced with the build number of the release.

This command creates an Agent directory and unpacks the installation file to it.

5 Change directories to the Event Agent 4.7 release folder by executing the following command:

cd Agent

6 Execute the following command:

sh install.sh

The installation process stops if any previous installations are detected. You can continue only after the detected installation is removed.

See “Uninstalling the Event Agent”.

7 Enter the destination folder path or accept the default path to continue when prompted.

8 Enter the IP address or hostname of the SSIM server when prompted. The connection to the SSIM appliance is checked and a message is displayed if the connection is successful.

9 If you want to install third-party CA root certificates, enter the path for the folder which contains the certificates when prompted.

See “Installation issues on Linux and Solaris”.

Uninstalling the Event Agent

You can uninstall the Event Agent installation on Windows, Linux, or Solaris if required using the following options.

■ Uninstalling the Event Agent on Windows
See “Uninstalling the Event Agent on Windows”.

■ Uninstalling the Event Agent on Linux and Solaris
See “Uninstalling the Event Agent on Linux and Solaris”.

Uninstalling the Event Agent on Windows

Use one of the following methods to uninstall the Event Agent:

■ Remove the Event Agent program through the Add or Remove Programs applet. This feature is applicable only for Symantec Event Agent 4.7 release.
Note: Add or Remove Programs is known as Programs and Features in all the versions of Windows 2008.

■ Execute the Uninstall Symantec Event Agent.exe file in the Event Agent folder.

Uninstalling the Event Agent on Linux and Solaris

If you want to uninstall the Event Agent, change to the Event Agent installation folder and run the install.sh script with the -u switch as follows:

./install.sh -u

Chapter 3 Managing the Event Agent

This chapter includes the following topics:

■ Event Agent Management with agentmgmt.bat utility

Event Agent Management with agentmgmt.bat utility

The following table lists the options that are available when you run the agentmgmt.bat utility:

Table 3-1 Options available with the agentmgmt.bat utility

Option 1: Show Agent Status
Shows the following information about the Agent status:

■ Port to which it is connected

■ Connection status

■ Number of events received

■ Number of events sent

■ Name of the server it is connected to

Option 2: Flush Agent Queue
Forces the Agent to reconnect and send data to the server. If the Agent is in disconnected mode, then flushing the queue resets the Agent to connected mode and sends events to the server.

Option 3: Reload Agent Configurations
Reloads the Agent configuration from the SSIM appliance without restarting the Agent.

Option 4: Force Agent to send its Software Inventory and state Updates
Forces the Agent to send information about software inventory and state updates to the LDAP directory.

Option 5: View log files
Opens the log files for viewing in a Swing-based UI.
Note: Selecting this option displays an error if the UI is not supported on the Linux and Solaris terminal.

Option 6: Force Re-Bootstrap of Agent to same or different server
Re-bootstraps the Agent to the existing or a different server. Used to reconnect to the same appliance or a different appliance.

Option 7: Gather data for Technical Support
Gathers data such as logs and configurations, which are added to a zip file named sesa-<HostName>-<guid>.zip.

Option 8: Enable or disable Collector Debug
Changes the log level to debug.

Option 9: Start the Agent
Starts the Agent.

Option 10: Stop the Agent
Stops the Agent.

Option 11: Quit the menu
Quits the menu-based script file.

Chapter 4 Enhancements

This chapter includes the following topics:

■ Improved performance by option to enable or disable encryption

■ Failure notification and automated restart in Windows

■ Individual queue file size now configurable

■ Uninstallation through the Add or Remove Programs applet in Windows

■ Event Agent Data Bandwidth Management now possible

Improved performance by option to enable or disable encryption

By default, the configuration property for using the event port service is set to off on the off-box Event Agent. This setting causes the Event Agent to communicate with the appliance over a secure channel using HTTPS. You can now configure the Event Agent to use event service port (10012) to send unencrypted events to the appliance. For better performance by the Event Agent, set the UseDirectEventPort configuration parameter to 1 in the configprovider.cfg file that is located in the Event Agent Installation directory.

Note: If there is a communication issue with port 10012, the Event Agent switches over to the default port 443. It then sends the events in an encrypted form. After a predefined interval, the Event Agent retries to send events through the port 10012.

You can configure the following parameters in the configprovider.cfg file using any available text editor as required:

■ EventfeederswitchbackTime: Defines the time after which it tries to switch back to the port 10012.

■ EventfeederRetrycount: Defines the number of times the Event Agent retries to send events on the port 10012.

■ EventfeederRetry interval: Defines the interval between two retries.

Note: When the Event Agent is configured to use the Event Service port 10012 to send unencrypted events, some network traffic still flows through port 443. This traffic is observed because port 443 is still used for routine communications such as bootstrapping and configuration information.

Failure notification and automated restart in Windows

A watchdog process within the Agent Manager detects when an Event Agent has failed and attempts to restart the Event Agent.

If the Agent Manager finds that the Event Agent does not send events:

■ It checks whether there are any events present in the queue.

■ If events are present in the queue, then it checks whether the appliance responds or not.

■ If the appliance responds, the Agent Manager concludes that the Event Agent has stalled and restarts the Event Agent.

■ If the appliance does not respond, the Agent Manager shuts down the Event Agent and restarts the Event Agent only after the appliance responds.

■ If the Agent Manager is unable to check the event-sending status of the Event Agent after 20 attempts, it tries to restart the Event Agent.

When the Event Agent fails, an error is logged in the sesa-agent.log file. The Event Manager sends an event, which contains the Event Agent version number, to the SSIM appliance. The sesa-agent.log file is located in the Event Agent Installation Folder under the logs subfolder.

When the Event Agent restarts, the Agent Manager generates an event and sends it to the SSIM appliance. The event contains the last 10 lines of the log file sesa-agent.log, which provide information about the Event Agent failure and restart.

Note: The Agent Manager is always on by default. It has to be explicitly turned off by the user if required.

The Agent Manager feature is implemented only on the Symantec Event Agent 4.7 for Windows.

To turn off the Agent Manager, run the following command:

net stop agentmanagerstart

To turn on the Agent Manager, run the following command:

net start agentmanagerstart

Individual queue file size now configurable

The maximum size for an individual queue file can now be configured through the filesize parameter in the property file agentqueue.cfg.

The installer generates the agentqueue.cfg file, which is stored in the Event Agent installation directory. Use any available text editor to edit and save changes to the file.

Note: You must restart the Event Agent after any modifications are made to the parameters in the agentqueue.cfg file.

Uninstallation through the Add or Remove Programs applet in Windows

You can now uninstall Symantec Event Agent 4.7 for Windows through the Programs and Features applet.

Note: The Add or Remove Programs applet is known as the Programs and Features applet in all the versions of Windows 2008.

Event Agent Data Bandwidth Management now possible

You can now specify the throttling schedule to limit the bandwidth as required.

The Event Agent can be configured to accept the throttling schedule from the user.

The throttling schedule is set through the key value ThrottlingSchedule in the configprovider.cfg file using any available text editor.

For example, the scheduling information in the configprovider.cfg file is shown:

ThrottlingSchedule=0,1,2,3 12:30 15:30 1024B; 2,5,4 15:30 19:30 2K;

Here the semicolon (;) denotes the end of schedule information.

The schedules denoted in the file are as follows:

■ First schedule
On Sunday, Monday, Tuesday, and Wednesday between the time 12:30 and 15:30, the Event Agent can use 1024 bytes per sec of bandwidth.

■ Second schedule
On Tuesday, Friday, Thursday between the time 15:30 and 19:30, the Event Agent can use 2K/sec (2048 bytes per sec) of bandwidth.

If bandwidth is not specified for some duration or some day, then the Event Agent uses maximum possible bandwidth available.

Note: You must restart the Event Agent to apply throttling configuration changes.
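The following is an added example, not code from Symantec or from the original release notes: a Python audit of configprovider.cfg text that flags UseDirectEventPort=1 (events sent unencrypted on port 10012, as described in the encryption section) and resolves the ThrottlingSchedule value to a bytes-per-second cap for a given day and time. The key=value layout for UseDirectEventPort, the half-open time windows, the lowest-cap rule for overlapping entries, the rejection of windows that cross midnight and all function names are assumptions; only the B and K suffixes shown above are accepted.

```python
import re
from dataclasses import dataclass

# Constructed sample of configprovider.cfg. The ThrottlingSchedule line is the
# one from the release notes; key=value for UseDirectEventPort is an assumption.
SAMPLE_CFG = """\
UseDirectEventPort=1
ThrottlingSchedule=0,1,2,3 12:30 15:30 1024B; 2,5,4 15:30 19:30 2K;
"""

UNITS = {"B": 1, "K": 1024}  # only the suffixes that appear in the notes
ENTRY_RE = re.compile(
    r"^(?P<days>\d(?:,\d)*)\s+(?P<start>\d{1,2}:\d{2})\s+"
    r"(?P<end>\d{1,2}:\d{2})\s+(?P<rate>\d+)(?P<unit>[BK])$"
)


@dataclass(frozen=True)
class Window:
    days: frozenset      # day numbers, 0 = Sunday as in the notes' example
    start: int           # minutes since midnight, inclusive
    end: int             # minutes since midnight, exclusive (assumption)
    bytes_per_sec: int


def to_minutes(hhmm):
    hours, minutes = (int(part) for part in hhmm.split(":"))
    if hours > 23 or minutes > 59:
        raise ValueError(f"invalid time {hhmm!r}")
    return hours * 60 + minutes


def read_cfg(text):
    """Collect key=value lines into a dict (hypothetical helper)."""
    cfg = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep:
            cfg[key.strip()] = value.strip()
    return cfg


def parse_schedule(value):
    """Split a ThrottlingSchedule value on ';' and validate each entry."""
    windows = []
    for raw in value.split(";"):
        raw = raw.strip()
        if not raw:
            continue  # empty piece after the terminating semicolon
        match = ENTRY_RE.match(raw)
        if match is None:
            raise ValueError(f"unparseable schedule entry {raw!r}")
        days = frozenset(int(d) for d in match["days"].split(","))
        if max(days) > 6:
            raise ValueError(f"day number out of range in {raw!r}")
        start, end = to_minutes(match["start"]), to_minutes(match["end"])
        if start >= end:
            # Windows that cross midnight are not described in the notes.
            raise ValueError(f"start is not before end in {raw!r}")
        rate = int(match["rate"]) * UNITS[match["unit"]]
        windows.append(Window(days, start, end, rate))
    return windows


def limit_at(windows, day, hhmm):
    """Cap in bytes/sec for a day (0 = Sunday) and time; None = unthrottled."""
    now = to_minutes(hhmm)
    caps = [w.bytes_per_sec for w in windows
            if day in w.days and w.start <= now < w.end]
    # Precedence between overlapping entries is undocumented; report the lowest.
    return min(caps) if caps else None


def overlaps(windows):
    """Pairs of entries that share a day and a time range."""
    return [(a, b) for i, a in enumerate(windows) for b in windows[i + 1:]
            if a.days & b.days and a.start < b.end and b.start < a.end]


def audit(text):
    cfg = read_cfg(text)
    windows = parse_schedule(cfg.get("ThrottlingSchedule", ""))
    return {
        # "1" routes events over port 10012 unencrypted, per the notes.
        "cleartext_events": cfg.get("UseDirectEventPort") == "1",
        "windows": windows,
        "overlaps": overlaps(windows),
    }


if __name__ == "__main__":
    report = audit(SAMPLE_CFG)
    print("events sent unencrypted on 10012:", report["cleartext_events"])
    for day, when in [(2, "15:29"), (2, "15:30"), (6, "13:00")]:
        print(day, when, limit_at(report["windows"], day, when))
    print("overlapping entries:", len(report["overlaps"]))
```

Entries reported by overlaps() are worth resolving by hand before deployment, because the release notes do not say which entry the Event Agent applies when two cover the same time.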


Chapter 5 Resolved Issues

This chapter includes the following topics:

■ Event Agent failure at full utilization of memory and disk allocation

■ Event Agent Installation Summary report

■ Event Agent installation failure logging

■ Event Agent installer now accepts third-party certificates

■ Vulnerability issues addressed

■ Event Agent unable to pull SSL Certificate from the Manager in case of Turkish locale setting

■ Event Agent Installation issues on Windows

■ Installation issues on Linux and Solaris

Event Agent failure at full utilization of memory and disk allocation

The Event Agent failed when full utilization of memory or the disk space occurred and the memory allocation was exceeded. The issue is now resolved. Using new memory calculation algorithms, the Event Agent stops sending data when the memory capacity has been exhausted. It also sends out a request to collectors to stop sending events and restarts when memory is available.

Event Agent Installation Summary report

The summary report that is generated after an installation did not reflect the Information Manager IP address or host name. The Installation Summary Report has now been revised to include the name and IP address of the Information Manager after a successful installation.

Event Agent installation failure logging

In the case of an Event Agent installation failure or a Test connection failure, the failure and the reason were not logged. In Symantec Event Agent 4.7, the cause of the failure is logged and written to the agntinst.log file in the Event Agent installation folder.

Event Agent installer now accepts third-party certificates

The installation for the Symantec Event Agent fails when the user tries to install a third-party certificate instead of the included self-signed certificate. The issue has been resolved by including an option in the installation process, which allows the user to import and use third-party certificates, if required.

Vulnerability issues addressed

Upgrades to JDK/JRE 10 address the Java Runtime vulnerabilities.

Event Agent unable to pull SSL Certificate from the Manager in case of Turkish locale setting

Symantec Event Agent 4.7 is now able to pull the SSL certificate from the manager and installs successfully.

Event Agent Installation issues on Windows

The following table lists possible scenarios in which the Event Agent Installation on Windows aborts and the corresponding solution.

Table 5-1

Scenario: A previous installation of the Event Agent exists.
Observation: The installer checks for previous installation and aborts.
Solution: Uninstall the previously installed Event Agent and try to install again.

Scenario: A previous uninstall action does not delete all the relevant files.
Observation: The installer uses those files for determination of previous installation.
Solution: Remove the folder: c:\Program Files\Common Files\Symantec Shared\SES and install again.

Scenario: Special characters are specified in the path for installation folder.
Observation: Communication test failed stating: You do not have administrative rights.
Solution: Agent installs successfully to any folder having valid name concerning the OS and the locale. Use valid name for folder.

Scenario: Option check box is disabled for Run connection and communication tests and incorrect IP address is entered.
Observation: As specified IP does not belong to appliance, the Event Agent cannot be installed correctly but shows as installed successfully.
Solution: Uninstall the Event Agent and install with correct IP address of appliance.

Scenario: A third-party certificate is not installed and server is configured to use third-party certificate.
Observation: The Event Agent installs but cannot pass communication test case because third-party certificate is not present.
Solution: Install a new third-party certificate.

Scenario: If installer checks for third-party certificate installation and does not find it then communication test fails.
Observation: This issue might occur due to inconsistency in provided data.
Solution: Do not check the option to install third-party certificate if it does not exist or is not provided.

Scenario: An invalid certificate is provided.
Observation: The Event Agent installs but does not pass communication test case because third-party certificate is not present or incorrect.
Solution: Uninstall the Event Agent and install with proper third-party certificate.

Installation issues on Linux and Solaris

The following table lists possible scenarios in which the Event Agent Installation on Linux or Solaris aborts and the corresponding solution.

Table 5-2

Scenario: A previous installation of Event Agent exists.
Observation: Installer checks for previous installation and aborts.
Solution: Uninstall the previously installed Event Agent and try to install again.

Scenario: A previous uninstall action does not delete all the relevant files.
Observation: Installer uses those files for determination of previous installation and aborts.
Solution: On Linux, remove: /tmp/agentinst.dat
On Solaris, remove: /var/tmp/agentinst.dat

Scenario: Special characters are specified in the path for installation folder.
Observation: The Event Agent is not installed.
Solution: The Event Agent installs successfully to any folder having valid name concerning the OS and the locale. Use valid name for folder.

Scenario: Incorrect IP address is specified in the installation process.
Observation: As specified IP does not belong to appliance, the Event Agent cannot be installed correctly but shows as installed successfully.
Solution: Uninstall Event Agent and install with the correct IP address of the appliance.

Scenario: A third-party certificate is not installed and server is configured to use third-party certificate.
Observation: The Event Agent does not bootstrap.
Solution: Install the third-party certificate that is used by server and reinstall the Event Agent.

Scenario: If invalid command-line options are specified in the installation script, then the installation continues for some time and then aborts.
Example:
./install.sh -ggg
Observation: Invalid command-line argument causes the script to fail.
Solution: Run the installation script with the valid arguments only.

Note: The uninstallation process deletes all the files from the previous installation. However, in case all the files are not deleted, re-installation of the Event Agent cannot continue.

To continue with the installation process

1 Delete the /etc/symantec/ses folder.

2 Delete the agentinst.dat file from the /var/tmp folder.

