Error "Couldn't add files to zip" when you collect the logs file using the DLP console

book

Article ID: 159893

calendar_today

Updated On:

Products

Data Loss Prevention Enforce

Issue/Introduction

When you collect the logs using the DLP console, you get an error "Couldn't add files to zip" and the ZIP file has missing some log files

Resolution

The error "Couldn't add files to zip" is related to the DLP process to collect and compress the log files. The error shows that, when you collected the logs by the DLP console, some files are locked by another process. The reboot of the server will help these files to be released from that application and make them available during the log collection by the DLP console.

This is the error (BoxMonitor0.log) before the server reboot:

Jan 13, 2012 6:46:50 PM com.vontu.logging.LocalLogWriter write
WARNING: Couldn't add files to zip. The files requested for collection could not be written to an archive file.
Jan 13, 2012 6:46:50 PM com.vontu.boxmonitor.logs.CollectLogSenderTask run
SEVERE: (LOG_MANAGEMENT.3) Error while attempting to archive log files
java.io.IOException: The process cannot access the file because another process has locked a portion of the file
Jan 13, 2012 7:06:49 PM com.vontu.logs.collection.FileListZipper archive
WARNING: File [C:\Vontu\Protect\logs\debug\PacketCapture.log.4] was not found when attempting to add it to a zip file. It may be incorrectly permissioned.
Jan 13, 2012 7:06:53 PM com.vontu.boxmonitor.logs.DeliveryHandler onSuccess
INFO: (LOG_MANAGEMENT.2) Uploaded archived log file set [1326452807925_242.zip]

This is the correct logging, after the server reboot:

Jan 31, 2012 11:51:51 PM com.vontu.boxmonitor.logs.CollectLogUploadEventReceiver onUpdate
INFO: (LOG_MANAGEMENT.1) Received log file upload request
Jan 31, 2012 11:51:51 PM com.vontu.boxmonitor.logs.CollectLogSenderTask run
INFO: Running LogSenderTask
Jan 31, 2012 11:51:54 PM com.vontu.boxmonitor.logs.DeliveryHandler onSuccess
INFO: (LOG_MANAGEMENT.2) Uploaded archived log file set [1328025111431_281.zip]


If you have Remote Access to the server, you could open the Windows Event Viewer and look for more information regarding the application which was locking the files. You might also confirm AV exclusions are in place, as per KB 41984.

If the problem shows up again, you could run this utility to verify which application is locking which file:
http://www.nirsoft.net/utils/opened_files_view.html

The reboot of the Detection server will fix the problem which is not related to DLP product.