System Monitoring Best Practices using Prevent


Article ID: 159637


Products

Data Loss Prevention Network Prevent for Email; Data Loss Prevention Enforce

Issue/Introduction

Best Practices for System Monitoring with Symantec DLP Network Prevent

Resolution

System Monitoring Best Practices - Prevent

The chart below summarizes recommended methods for monitoring the health and availability of your Symantec DLP Network Prevent system. This document is supplementary to the System Maintenance and Administration guides, not a replacement for them.


Objective: Verify availability of and connectivity to the Network Prevent Server.
Best practice:
  • Periodic pings to the Network Prevent servers from the MTA
  • Periodic pings to the Network Prevent servers from the Enforce server
  • Periodic checks to ensure that the Vontu Monitor service is running

Objective: Verify basic functionality of the Prevent Server.
Best practice: Create a synthetic transaction that runs periodically and sends a non-violating email through Prevent. Verify that the email is received.

Objective: Verify advanced functionality of the Prevent Server.
Best practice: Create a synthetic transaction that runs periodically and sends an email that violates a policy that blocks the message. Verify that the email is not delivered and that a bounce notification is returned to the sender.

Objective: Capture critical system events via email alerts.
Best practice: Set up event alerts to notify system administrators of potential issues. Alerts can be configured to trigger under multiple conditions. In some cases an alert should be configured on the event alone, with no server condition, because the event reflects a system-wide issue. For alerts that are Prevent-specific, add a condition that the relevant server is one of your Prevent servers. For instructions on setting up event alerts, refer to the Administration Guide for your version. For more information on general system maintenance and diagnosis, refer to the System Maintenance Guide.

System-wide alert conditions:

• Event summary contains Low disk space
• Event summary contains License about to expire
• Event summary contains Tablespace is almost full
• Event summary contains not responding
• Event summary contains Monitor status updater exception
• Event summary contains Communication error

Prevent-specific alerts:

• Server is any of [choose all Prevent servers]
   AND
   • Event summary contains No SMTP Traffic Captured
   • Event summary contains restarts excessively
   • Event description contains Failed to restart
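The alert conditions above, expressed as a small evaluator that a SIEM or log-forwarding job could run over exported system events. This is an added example, not code from the article or the product; the server names and sample events are constructed, and it assumes "contains" is a case-insensitive substring match.

```python
"""Evaluate DLP system events against the alert conditions listed above."""
from dataclasses import dataclass

# System-wide conditions: matched on the event summary regardless of server.
SYSTEM_WIDE_SUMMARY = (
    "Low disk space",
    "License about to expire",
    "Tablespace is almost full",
    "not responding",
    "Monitor status updater exception",
    "Communication error",
)
# Prevent-specific conditions: only fire when the event's server is a Prevent server.
PREVENT_SUMMARY = ("No SMTP Traffic Captured", "restarts excessively")
PREVENT_DESCRIPTION = ("Failed to restart",)

@dataclass
class Event:
    server: str
    summary: str
    description: str = ""

def _contains(text, needles):
    # Assumption: "contains" is treated as a case-insensitive substring match.
    low = text.lower()
    return [n for n in needles if n.lower() in low]

def alerts_for(event, prevent_servers):
    """Return the conditions an event satisfies; an empty list means no alert."""
    hits = [f"system-wide: {m}" for m in _contains(event.summary, SYSTEM_WIDE_SUMMARY)]
    if event.server in prevent_servers:  # the "Server is any of" clause
        hits += [f"prevent: {m}" for m in _contains(event.summary, PREVENT_SUMMARY)]
        hits += [f"prevent: {m}" for m in _contains(event.description, PREVENT_DESCRIPTION)]
    return hits

# Constructed sample events; server names are placeholders, not from the page.
PREVENT_SERVERS = {"prevent-01", "prevent-02"}
SAMPLE_EVENTS = [
    Event("prevent-01", "No SMTP Traffic Captured in the last 10 minutes"),
    Event("discover-01", "No SMTP Traffic Captured"),  # not a Prevent server: no alert
    Event("enforce-01", "Low disk space on data volume"),
    Event("prevent-02", "Monitor restarts excessively", "Failed to restart the monitor"),
    Event("prevent-01", "Scan completed"),  # healthy: no alert
]

if __name__ == "__main__":
    for e in SAMPLE_EVENTS:
        print(f"{e.server}: {e.summary!r} -> {alerts_for(e, PREVENT_SERVERS) or 'ok'}")
```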