DLP provides many operational log files that can be used to interpret how the system is running.
In DLP 15.0 and earlier, the log folders are found in the following locations:
Linux: /var/log/SymantecDLP/
Windows: \SymantecDLP\Protect\logs\
In DLP 15.1 and newer, the log folders are found in the following locations:
Windows:
C:\ProgramData\Symantec\Data Loss Prevention\Enforce Server\15.1\logs\
C:\ProgramData\Symantec\Data Loss Prevention\Detection Server\15.1\logs\
Linux:
/var/log/Symantec/DataLossPrevention/Enforce Server/15.1/
/var/log/Symantec/DataLossPrevention/Detection Server/15.1/
Log File Name | Description | Server |
Aggregator0.log | This file describes communications between the detection server and the agents. Look at this log to troubleshoot connection to the agents, to find out why incidents do not appear when they should, or if unexpected agent events occur. | Endpoint detection servers |
BoxMonitor0.log | This file is typically very small, and it shows how the application processes are running. The BoxMonitor process oversees the detection server processes that pertain to that particular server type. For example, the processes that run on Network Monitor are file reader and packet capture. | All detection servers |
ContentExtractor0.log | This log file may be helpful for troubleshooting ContentExtractor issues. | All detection servers, Enforce Server |
DiscoverNative.log.0 | Contains the log statements that the Network Discover native code emits. Currently contains the information that is related to .pst scanning. This log file applies only to the Network Discover Servers that run on Windows platforms. | Discover detection servers |
FileReader0.log | This log file pertains to the file reader process and contains application-specific logging, which may be helpful in resolving issues in detection and incident creation. Look at this log file to find out why an incident was not detected. One symptom that shows up is content extractor timeouts. | All detection servers |
IncidentPersister0.log | This log file pertains to the Incident Persister process. This process reads incidents from the incidents folder on the Enforce Server, and writes them to the database. Look at this log if the incident queue on the Enforce Server (manager) grows too large. This situation can also be observed by checking the incidents folder on the Enforce Server to see if incidents have backed up. | Enforce Server |
Indexer0.log | This log file contains information when an EDM profile is indexed. It also includes the information that is collected when the external indexer is used. If indexing fails, consult this log. | Enforce Server (or computer where the external indexer is running) |
jdbc.log | This log file is a trace of JDBC calls to the database. By default, writing to this log is turned off. | Enforce Server |
MonitorController0.log | This log file is a detailed log of the connections between the Enforce Server and the detection servers. It gives details about the information that is exchanged between these servers, including whether policies have been pushed to the detection servers or not. | Enforce Server |
PacketCapture.log | This log file pertains to the packet capture process that reassembles packets into messages and writes to the drop_pcap directory. Look at this log if there is a problem with dropped packets or traffic is lower than expected. PacketCapture is not a Java process, so it does not follow the same logging rules as the other Symantec Data Loss Prevention system processes. | All detection servers |
PacketCapture0.log | This log file describes issues with PacketCapture communications. | All detection servers |
RequestProcessor0.log | This log file pertains to SMTP Prevent only. The log file is primarily for use in cases where SmtpPrevent_operational0.log is not sufficient. | SMTP Prevent detection servers |
ScanDetail-target-0.log | Where target is the name of the scan target. All white spaces in the target's name are replaced with hyphens. This log file pertains to Discover server scanning. It is a file-by-file record of what happened in the scan. If the scan of the file is successful, it reads success, and then the path, size, time, owner, and ACL information of the file scanned. If it failed, a warning appears followed by the file name. | Discover detection servers |
SmtpPrevent_operational0.log | This operational log file pertains to SMTP Prevent only. It is the primary log for tracking health and activity of a Mail Prevent system. Look at this file for information on the communications between the MTA and detection server. | SMTP Prevent detection servers |
Tomcat\Localhost.<date>.log | This log file contains information for any action that involves the user interface. The log includes the user interface red error message box, password failures when logging on, and Oracle errors (ORA-#). | Enforce Server |
Tomcat\Localhost_access_log.<date>.txt | This log contains the record of all URLs requested. | Enforce Server |
VontuIncidentPersister.log | This log file contains minimal information: stdout and stderr only (fatal events). | Enforce Server |
VontuManager.log | This log file contains minimal information: stdout and stderr only (fatal events). | Enforce Server |
VontuMonitor.log | This log file contains minimal information: stdout and stderr only (fatal events). | All detection servers |
VontuMonitorController.log | This log file contains minimal information: stdout and stderr only (fatal events). | Enforce Server |
VontuNotifier.log | This log file pertains to the Notifier service and its communications with the Enforce Server and the MonitorController service. Look at this file to see if the MonitorController service registered a policy change. | Enforce Server |
VontuUpdate.log | This log file is populated when Symantec Data Loss Prevention is updated. | Enforce Server |
WebPrevent_Access0.log | This access log file pertains to Web Prevent only. It records all the requests that Web Prevent processes. It is similar to Web access logs for a proxy server. | Web Prevent detection servers |
WebPrevent_Operational0.log | This operational log file pertains to Web Prevent only. It reports the operating condition of Web Prevent such as whether the system is up or down, connection management, and so on. This log is the primary log file for tracking Web Prevent operations. | Web Prevent detection servers |
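The Linux locations and the ScanDetail naming rule above, put together as an added shell example (not part of the original article and not Symantec code): it resolves the log folder for a release, derives a ScanDetail file name from a scan target name, and bundles the log files for review. The function names are hypothetical; substituting versions other than 15.1 into the path, and replacing each whitespace character with exactly one hyphen, are assumptions.

```shell
#!/bin/sh
# Added example (not Symantec code). Function names are hypothetical.

# dlp_log_dir VERSION ROLE [ROOT]: print the Linux log directory for a release.
# ROLE is "Enforce Server" or "Detection Server"; ROOT is an optional prefix
# used only when testing against a constructed directory tree.
dlp_log_dir() {
    ver=$1 role=$2 root=${3:-}
    case $ver in *.*) ;; *) ver=$ver.0 ;; esac
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    if [ "$major" -lt 15 ] || { [ "$major" -eq 15 ] && [ "$minor" -eq 0 ]; }; then
        # 15.0 and earlier: one shared folder
        printf '%s/var/log/SymantecDLP\n' "$root"
    else
        # 15.1 and newer: per-role, per-version folder (note the space in ROLE).
        # Using a version other than 15.1 in the path is an assumption.
        printf '%s/var/log/Symantec/DataLossPrevention/%s/%s\n' "$root" "$role" "$ver"
    fi
}

# scan_detail_log TARGET: ScanDetail file name for a Discover scan target.
# Assumption: each whitespace character becomes exactly one hyphen.
scan_detail_log() {
    printf 'ScanDetail-%s-0.log\n' "$(printf '%s' "$1" | tr '[:space:]' '-')"
}

# collect_dlp_logs LOGDIR OUT_TGZ: archive *.log, *.log.N and Tomcat *.txt
# files (subfolders included) and print how many files were archived.
collect_dlp_logs() {
    dir=$1 out=$2
    [ -d "$dir" ] || { echo "no such log dir: $dir" >&2; return 1; }
    list=$(mktemp) || return 1
    ( cd "$dir" && find . -type f \
        \( -name '*.log' -o -name '*.log.*' -o -name '*.txt' \) | sort ) > "$list"
    count=$(wc -l < "$list" | tr -d ' ')
    if [ "$count" -gt 0 ]; then
        tar -czf "$out" -C "$dir" -T "$list"
    fi
    rm -f "$list"
    echo "$count"
}

# Run as: sh dlp_logs.sh 15.1 "Enforce Server" /tmp/enforce-logs.tgz
if [ "$#" -eq 3 ]; then
    collect_dlp_logs "$(dlp_log_dir "$1" "$2")" "$3"
fi
```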