Enabling Syslog Logging causes An Unexpected Error Has Occurred
Article ID: 160181
Updated On:
Products
Issue/Introduction
Getting " An Unexpected Error Has Occurred " when trying to login to DLP web console. Checked all services are running on the enforce server. Restarted all services and that did not resolve the issue either.
Review of the logs:
Source: com.vontu.manager.ProtectServlet
Message: (MANAGER.3) An error occurred during the startup of the Manager service
Cause:
javax.servlet.ServletException: Error initializing system event command runtimejavax.servlet.ServletException: Error initializing system event command runtime
at com.vontu.manager.init.InitSystemEventCommands.loadCommandRuntime(InitSystemEventCommands.java:101)
at com.vontu.manager.init.InitSystemEventCommands.init(InitSystemEventCommands.java:66)
at com.vontu.manager.init.ServletInitTaskManager.init(ServletInitTaskManager.java:129)
at com.vontu.manager.ProtectServlet.init(ProtectServlet.java:159)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:170)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:123)
at org.apache.catalina.core.StandardWrapper.initServlet(StandardWrapper.java:1122)
at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1089)
at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:983)
at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:4864)
at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5173)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:717)
at org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:129)
at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:150)
at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:140)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:688)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:705)
at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1133)
at org.apache.catalina.startup.HostConfig$DeployDirectory.run(HostConfig.java:1866)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75)
at java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:112)
at org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:1045)
at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:429)
at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1576)
at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:309)
at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:123)
at org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:423)
at org.apache.catalina.util.LifecycleBase.setState(LifecycleBase.java:366)
at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:936)
at org.apache.catalina.core.StandardHost.startInternal(StandardHost.java:841)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1384)
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1374)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75)
at java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:134)
at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:909)
at org.apache.catalina.core.StandardEngine.startInternal(StandardEngine.java:262)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
at org.apache.catalina.core.StandardService.startInternal(StandardService.java:421)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
at org.apache.catalina.core.StandardServer.startInternal(StandardServer.java:930)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
at org.apache.catalina.startup.Catalina.start(Catalina.java:738)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:342)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:473)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.tanukisoftware.wrapper.WrapperStartStopApp.run(WrapperStartStopApp.java:316)
at java.lang.Thread.run(Thread.java:748)
Caused by: com.vontu.command.loader.CommandRuntimeLoaderException: Error creating CommandRutnime.
at com.vontu.command.loader.CommandRuntimeLoader.load(CommandRuntimeLoader.java:114)
at com.vontu.command.loader.ModelCommandRuntimeLoader.load(ModelCommandRuntimeLoader.java:114)
at com.vontu.manager.init.InitSystemEventCommands.loadCommandRuntime(InitSystemEventCommands.java:86)
... 68 more
Caused by: com.vontu.command.CommandRuntimeException: Error initializing command: syslog (ID -XXXXXXXX).
at com.vontu.command.CommandRuntime.initializeCommandRuntimeInstructions(CommandRuntime.java:486)
at com.vontu.command.CommandRuntime.start(CommandRuntime.java:587)
at com.vontu.command.loader.CommandRuntimeLoader.load(CommandRuntimeLoader.java:107)
... 70 more
Caused by: java.lang.IllegalArgumentException: can't parse argument number: 0.EN_US
Cause
The old format for syslog logging is invalid in current versions.
C:\Program Files\Symantec\DataLossPrevention\EnforceServer\<version>\Protect\config\Manager.properties file (windows)
opt//Symantec/DataLossPrevention/EnforceServer/<version>/Protect/config/Manager.properties
the line for format is
- #systemevent.syslog.format= [{0.EN_US}] {1.EN_US} - {2.EN_US}
If this has been uncommented without being updated, it cannot be read by the syslog parser and throws the error.
Resolution
To determine if this is the cause:
- Locate and open the config\Manager.properties file.
- Comment the following lines:
- #systemevent.syslog.host=
- #systemevent.syslog.port=
- #systemevent.syslog.format=
- Restart the Manager service
If Enforce is able to be logged in, review the below article to correct setup.
Additional Information
For the current setup and format of syslog, see TECH218905 - aka KB 159509: Generating Syslog messages from Data Loss Prevention (broadcom.com)
Feedback
