Cybersecurity
DevOps Cloud
IT Operations Cloud
Summary
Loggerd service may not start and systemd/systemctl may not be able to run its service.
Products
ArcSight Logger
Environment
Software Logger 7.x on RHEL 8.5
Situation
The Linux systemd is unable to start the loggerd service either manually or after reboot.
Cause
It was discovered SELinux was the cause as temporarily disabling (setenforce 0) it allowed loggerd service to start
Resolution
Note: Confirm from your environment as logger path may differ.
sudo semanage fcontext -a -t bin_t '/opt/arcsight/current/arcsight/logger/bin/loggerd'
sudo restorecon -R -v /opt/arcsight/current/arcsight/logger/bin/loggerd
Additional Information
An issue with the ReportEngine not sending email reports was also resolved after this workaround, perhaps as a result of the permissions.
URL Name
KM000010220