Enable SQL Query (JDBC) logging in DLP
search cancel

Enable SQL Query (JDBC) logging in DLP

book

Article ID: 159781

calendar_today

Updated On:

Products

Data Loss Prevention Enforce

Issue/Introduction

Symantec Data Loss Prevention (DLP) Enforce

If you have database issues and need the SQL queries to send to engineering for diagnosis, you can enable SQL Query (manager_jdbc.log) logging.

Resolution

To enable SQL Query logging in the Manager (Supported versions):

  1. Go to the LoggingConfigurationOverwrite directory and move any "ManagerLogging.properties" configuration files from that directory (delete or backup to a separate location). 
    1. Windows Path: \ProgramData\Symantec\DataLossPrevention\EnforceServer\16.x\LoggingConfigurationOverwrite\
      1. where x is the DLP version
    2. Linux Path: /var/Symantec/DataLossPrevention/EnforceServer/16.x/LoggingConfigurationOverwrite/
      1. where x is the DLP version
  2.  Edit the regular ManagerLogging.properties file
    1. Windows Path: \Program Files\Symantec\DataLossPrevention\EnforceServer\16.x\Protect\config\ManagerLogging.properties
      1. where x is the DLP version
    2. Linux Path: /opt/Symantec/DataLossPrevention/EnforceServer/16.x/Protect/config/ManagerLogging.properties
      1. where x is the DLP version
  3. Set com.vontu.jdbc.level to FINE
  4. verify com.vontu.util.jdbc.JDBCLogHandler.level is set to FINE
  5. Set com.vontu.util.jdbc.JDBCLogHandler.count to 20 or more files, whatever is appropriate to capture enough information.
  6. update com.vontu.jdbc.threshold_ms to an appropriate value for the issue you are troubleshooting (0 captures all sql queries)
  7. Restart the SymantecDLPManager Service.

Once JDBC logging is enabled, go into the UI and perform any task that you need to capture the SQL queries on i.e., run reports, select incidents etc.

Any SQL statement not executed through OJB will be logged to

Windows Path: \ProgramData\Symantec\DataLossPrevention\EnforceServer\15.x\logs\debug\manager_jdbc_y.log

Linux Path: /var/log/Symantec/DataLossPrevention/EnforceServer/15.x/debug/manager_jdbc_y.log

where x is the DLP version
and y is the log number

along with the time it took to execute the statement.

After performing this test:

  1. Reset com.vontu.jdbc.level to INFO
  2. verify com.vontu.util.jdbc.JDBCLogHandler.level is set to FINE
  3. Reset com.vontu.util.jdbc.JDBCLogHandler.count to 5
  4. Reset com.vontu.jdbc.threshold_ms to 500 (Default)
  5. Restart the SymantecDLPManager Service.

NOTE: if any setting is missing add it to the properties file. 

 

 

Additional Information

If you make any logging changes through the console (System >> Servers and detectors >> Logs >> Configuration tab) you will create a new ManagerLogging.properties file in the LoggingOverwrite directory.  That will overwrite the logging configuration. 

Note - Same changes can be done to "IncidentPersisterLogging.properties" file to generate "IncidentPersister_jdbc_x.log" file. After making changes to "IncidentPersisterLogging.properties" file, please restart "SymantecDLPIncidentPersister" service to apply changes.

Powered by Wolken Software