About external storage for incident attachments for Data Loss Prevention (DLP).
About external storage for incident attachments
You can store incident attachments such as email messages or documents on a file system rather than in the Symantec Data Loss Prevention database. Storing incident attachments externally saves a great deal of space in your database, providing you with a more cost-effective storage solution.
You can store incident attachments either in a directory on the Enforce Server host computer, or on a stand-alone computer. You can use any file system you choose. Symantec recommends that you work with your data storage administrator to set up an appropriate directory for incident attachment storage.
To set up an external storage directory, Symantec recommends these best practices:
After you have set up your storage location, you can enable external storage for incident attachments in the Upgrade Wizard. All new incident attachments will be stored in the external storage directory.
In addition, a migration process runs in the background to move your existing incident attachments from the database to your external storage directory. Incident attachments in the external storage directory cannot be migrated back to the database. Incident attachments stored in the external storage directory are encrypted and can only be accessed from the Enforce Server administration console.
The incident deletion process deletes incident attachments in your external storage directory after it deletes the associated incident data from your database. This process happens overnight; files are not deleted immediately. You do not need to take any special action to delete incidents from the external storage directory.
To change the settings for external storage of incident attachments
If you did not configure the incident attachment external storage directory during the installation or upgrade process, you can enable or update external storage settings in the Protect.properties configuration file. You can also disable external storage of incident attachments in this file.
1. On the Enforce Server host, open the following file in a text editor:
Microsoft Windows: \Program Files\Symantec\DataLossPrevention\EnforceServer
2. Enable incident attachment external storage:
3. Specify the path to the external storage directory:
com.symantec.dlp.incident.blob.externalization.dir=<PATH TO DIRECTORY>
4. Save the file.
5. Restart the SymantecDLPManagerService and SymantecDLPIncidentPersisterService services.
Note the direction of the slashes: they are the opposite of Windows path separators. If the Windows-style path "D:\incidents" is used, it will fail. The path needs to be specified as "D:/Incidents".
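Why the backslash form fails, shown as an added example (not Symantec code): it assumes Protect.properties is read with standard Java properties escaping, where a backslash starts an escape sequence. The function names and sample values are constructed for illustration; only the property key comes from the steps above.

```python
import re

KEY = "com.symantec.dlp.incident.blob.externalization.dir"  # key from step 3
_ESC = {"t": "\t", "n": "\n", "r": "\r", "f": "\f"}

def java_unescape(value: str) -> str:
    """Decode backslash escapes the way java.util.Properties.load() does."""
    out, i = [], 0
    while i < len(value):
        if value[i] != "\\":
            out.append(value[i])
            i += 1
            continue
        nxt = value[i + 1:i + 2]
        if nxt == "u":
            hex4 = value[i + 2:i + 6]
            if not re.fullmatch(r"[0-9a-fA-F]{4}", hex4):
                raise ValueError("Malformed \\uxxxx encoding")
            out.append(chr(int(hex4, 16)))
            i += 6
        else:
            # t/n/r/f become control characters; before any other
            # character the backslash is silently dropped.
            out.append(_ESC.get(nxt, nxt))
            i += 2
    return "".join(out)

def check_external_dir(properties_text: str) -> dict:
    """Return the raw value, the value a Java loader would see, and findings."""
    for line in properties_text.splitlines():
        m = re.match(re.escape(KEY) + r"\s*[=:]\s*(.*)$", line.lstrip())
        if not m:
            continue
        raw = m.group(1)
        try:
            loaded = java_unescape(raw)
        except ValueError as exc:
            return {"raw": raw, "loaded": None, "findings": [str(exc)]}
        findings = ["backslash in path; use '/' instead"] if "\\" in raw else []
        return {"raw": raw, "loaded": loaded, "findings": findings}
    return {"raw": None, "loaded": None, "findings": [KEY + " is not set"]}

if __name__ == "__main__":
    # Constructed sample values, not taken from a real installation.
    for sample in (r"D:\incidents", "D:/Incidents", r"D:\temp", r"D:\users\dlp"):
        print(sample, "->", check_external_dir(KEY + "=" + sample))
```

Running the check against a copy of the file before restarting the services catches a value that would otherwise resolve to a different path than the one typed.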