-
Symantec Articles
-
- Converting your LOB tables from BasicFiles to SecureFiles format in Symantec Data Loss Prevention 14.6 and 15.x:
- Error: "ORA-28000: the account is locked" in Symantec DLP Enforce
- How to change the "protect" user password in the Oracle database for Symantec DLP
- How to default to the local database when logging in from the command line
- How to Extend Oracle tablespace (LOB_TABLESPACE, USERS, etc.) when almost full
- How to Removing Oracle Database Client Software for symantec DLP
- Show all articles ( 1 ) Collapse Articles
-
- Best Practice for Endpoint Agents with Antivirus Protection
- Creating a new agent attribute in Symantec DLP
- Generating agent installation packages for Symantec DLP
- How to collect the Endpoint Agent logs
- How to install the Symantec DLP Agent (Windows)
- How to remove the Symantec DLP Endpoint Agent (Mac)
- How to remove the Symantec DLP Endpoint Agent (Windows)
- How to Speed up the incident traffic from endpoint to endpoint server
- How to start DLP Agents that run on Mac endpoints
- How to troubleshoot DLP Agent status not reporting as expected on Enforce
- Troubleshoot Agents not reporting into the Enforce Console
- Troubleshooting Symantec File Reader Restarts
- Show all articles ( 7 ) Collapse Articles
-
- Configuring LDAP Lookup Plugins in Symantec DLP 15.5+
- Creating a new agent attribute in Symantec DLP
- Default ports used by Symantec DLP
- Disable SSLv3, TLSv1.1, and TLSv1.0 on Data Loss Prevention components
- fixing Enforce Server migration fail for three-tier environments due to "DatabaseProcessCheck"
- Generating Syslog messages from Symantec Data Loss Prevention
- How To Access DLP incidents
- How to Configure AD User login Authentication in Enforce for Data Loss Prevention 15.x and above
- How to configure the LDAP Lookup Plug-In within Symantec DLP
- How to create a report in Symantec DLP
- How To create a user role in Symantec DLP
- How to create users in Symantec DLP
- How to create, sign, and import an SSL certificate signed by a Trusted Certificate Authority
- How to create, start & stop Discover scans in Symantec DLP
- How to enable Finest level logging on DLP agents
- How to enable Syslog Logging for Symantec Data Loss Prevention
- How to export incidents in Symantec DLP
- How to filter incidents and Summarise in Symatec DLP
- How to gather a process dump using the ProcDump Tool
- How to increase the max number of incidents exported within Symantec DLP
- How To Login to the Symantec DLP Console
- How to Obtain a Broadcom/Symantec Support Site ID
- How to obtain the Symantec DLP Server Log files: location and description
- How to restart Symantec DLP services (14.6-15.0)
- How to restart Symantec DLP Services for Oracle Patching
- How To Restore the DLP Enforce Server across platforms in three-tier deployments
- How to set incident status in Symantec DLP
- How to solve Error: "Error 1802: Corrupted incident received"
- The maximum number of Agents than can be allowed to export, print or mail from Agents Summary Report or Agents Legacy Summary Report.
- What Are the Differences Between the “same” and “any” Components in Symantec DLP Rules?
- Show all articles ( 25 ) Collapse Articles
-
- Best Practices for Scanning Files Larger Than 30MB Using Discover
- Default ports used by Symantec DLP
- How To Access DLP incidents
- How to filter incidents and Summarise in Symatec DLP
- How To troubleshoot DLP Network Discover scan common errors
- Symantec Network Detection is not working for DLP User Groups that index the Domain Users AD Security Group
- Troubleshooting Symantec File Reader Restarts
- Show all articles ( 2 ) Collapse Articles
-
-
Netskope Articles
- Articles coming soon
-
CloudKnox Articles
- Articles coming soon
-
O365
- Articles coming soon
-
DLP Programmes
-
How To Guides
Created On
byJosh Kee
2.8 out Of 5 Stars
5 Stars | 0% | |
4 Stars | 50% | |
3 Stars | 0% | |
2 Stars | 0% | |
1 Stars | 50% |
You are here:
< Back
FileReader restarts usually occur due to timeout issues. These timeouts are generally caused by the following:
- Connectivity issues with the Monitor Controller or Network
- Poorly written RegEx Rules
- A bad email message. Bad messages can be caused by incorrect header information or foreign characters in the message that Symantec DLP is unable to process
If the FileReader restarts itself occasionally, this is normal behavior. However, if you are experiencing consistent FileReader restarts in your environment, there are a few things you can do to determine the cause:
- FileReader may fail to start (and restart) if it can’t receive all the configuration information it needs. To troubleshoot the exact cause, look in the FileReader log first to identify which FileReader subsystem isn’t starting. Once it’s identified that a particular subsystem isn’t receiving its configuration, one should look in the MonitorController log to see if the corresponding subsystem has been initialized successfully. One of the common failures is inability to ignite cryptographic keys in the MonitorController because the ignition password on the disk got out of sync with the Administrator password in the database. In this case the password issue must be fixed and only after that should the MonitorController be restarted. Look at the VontuMonitorController.conf file in the config directory. Check the java heap size. If it is the default value of 128 and 256, you will probably need to increase the memory setting of the heap depending on the RAM available on the server.
- Too many exceptions in policies. Each new exception, while improving the ability to “short-circuit” detection, also has the knock-on effect of multiplying the size of the overall detection matrix – all of which is loaded into memory when FileReader starts. While there is no exact limit on the total number of exception, a good rule of thumb is that more than 10 exceptions in a policy will start to have an impact at some point – after which the next exception may result in FileReader being unable to load.
- Check to make sure the MessageChain.CacheSize & MessageChain.NumChains match the CPU Cores.
- Check your policies. Oftentimes FileReader restarts will occur because of a particular policy. For example, if a Regex in a particular policy exceeds given thresholds (such as maximum component time), then the FileReader will restart. Look at the log files for the “intentionally restarting process” message which identifies the message chain component causing the restart. If this component is “Detection” the most likely cause is a poorly written regular expression.
- Check for “bad” messages. Save the *.vpcap file that contains the message in question. You can use the file for testing without having to actually send the message again.
- Check for locked *.vpcap files.
- Stop Packet Capture so that you do not get noise in the test. Start FileReader process. If the *.vpcap file gets picked up, the inductor is working. If the inductor is not working, find out why. The most common problem is that some process has a lock on the files. Other than that, collect the FileReader log and contact support.
- If the inductor is working, the problem may be in the Layer 7 Parser or the Content Extractor. Visually inspect the FileReader log for any exceptions, warnings or severe log messages.
- While the Content Extractor can often have problems processing various file formats it can rarely, if ever, be blamed for a FileReader restart.
- Dying threads can cause FileReader to stop reporting heartbeats and eventually be restarted. Look in VontuMonitor.log for exceptions. Each exception in that log file is an indicator of a serious problem (Java crash or other defect) and is a likely cause of a FileReader restart.
Was this article helpful?
2.8 out Of 5 Stars
5 Stars | 0% | |
4 Stars | 50% | |
3 Stars | 0% | |
2 Stars | 0% | |
1 Stars | 50% |