Debugging Detection Issues

Data Loss Prevention

Steps to take for debugging detection issues.

For DLP versions 16.0 RU2 and earlier:

Change the logging level on the following line in FileReaderLogging.properties:

• com.vontu.detection.logging.DetectionExecutionTraceLogHandler.level=INFO, FINE, FINER, FINEST

For DLP version 16.1 and later:

Change the logging level on the following line in UDSDetectorLogging.properties:

• com.symantec.dlp.clouddetectionserver.logging.UniversalDetectionExecutionTraceLogHandler.level=INFO, FINE, FINER, FINEST

To enable de-dupe logging:

• com.vontu.policy.loader.execution.matrixmanipulators.DuplicateConditionManipulator.level = FINEST
• java.util.logging.FileHandler.level = FINEST

 

 

Level 2: Are the right rules matching?  Set the logging level to Finer.  Use this level when a condition (or which condition) is generating matches (or not generating matches).

Enable the logging:

• Add the following line to the FileReaderLogging.properties on the monitor in question:
  • com.vontu.detection.logging.BasicDetectionFeedback.level = FINER
• Make sure that java.util.logging.FileHandler.level (near the beginning of the file) is set to FINER or FINEST
• Safe the file
• You do not need to restart the monitor, the changes will take effect right away

Level 3: Are all the rules matching on the right certain components?  Set the logging level to Finest. Use this level to see if a component is generating matches (or not generating matches).

Enable the logging:

• Add the following line to the FileReaderLogging.properties on the monitor in question:
  • com.vontu.detection.logging.BasicDetectionFeedback.level = FINEST
• Make sure that java.util.logging.FileHandler.level (near the beginning of the file) is set to FINEST
• Save the file
• You do not need to restart the monitor, the changes will take effect right away