search cancel

File Reader logs named incorrectly, File Reader will not start in DLP 14, 14.0.1, 14.0.2

book

Article ID: 162970

calendar_today

Updated On:

Products

Data Loss Prevention Cloud Prevent for Microsoft Office 365 Data Loss Prevention Endpoint Prevent Data Loss Prevention Network Monitor Data Loss Prevention Network Prevent for Email Data Loss Prevention for Mobile Data Loss Prevention Network Discover Data Loss Prevention Network Prevent for Web Data Loss Prevention Endpoint Discover

Issue/Introduction

File Reader has stopped and will not start again.  In the SymantecDLP\Protect\logs\debug folder, File Reader logs have an additional number appended to the end of the log name.

For example, the FileReader0.log file appears as FileReader0.log.11.  After FileReader0.log.100 has been filled, File Reader stops and will not start again.

NOTE: This type of issue may also be experienced with other sub processes like Aggregator or RequestProcessor.

VontuMonitor.log stored in \SymantecDLP\Protect\logs\debug\ has the lines shown below which show that the FileHandler process could not
get a lock for respective logs.
                     
===================+++++++++++++++++++++++=====================
INFO   | jvm 1    | 2016/05/15 17:02:06 | FR> at
com.vontu.messaging.FileReader.main(FileReader.java:233)
INFO   | jvm 1    | 2016/05/15 17:02:06 | FR> Java HotSpot(TM) 64-Bit Server VM warning: ignoring option PermSize=128M; support was removed in 8.0
INFO   | jvm 1    | 2016/05/15 17:02:06 | FR> Java HotSpot(TM) 64-Bit Server VM warning: ignoring option MaxPermSize=256M; support was removed in 8.0
INFO   | jvm 1    | 2016/05/22 19:49:33 | IW> Can't load log handler "java.util.logging.FileHandler"
INFO   | jvm 1    | 2016/05/22 19:49:33 | IW> java.io.IOException: Couldn't get lock for F:/SymantecDLP/Protect/logs/debug/IncidentWriter%g.log
INFO   | jvm 1    | 2016/05/22 19:49:33 | IW> java.io.IOException: Couldn't get lock for F:/SymantecDLP/Protect/logs/debug/IncidentWriter%g.log
                    
===================+++++++++++++++++++++++=====================
INFO   | jvm 1    | 2016/05/31 23:20:51 | DSD> at com.vontu.detectionserver.database.DetectionServerDatabase.main(DetectionServerDatabase.java:63)
INFO   | jvm 1    | 2016/06/01 04:53:54 | DSD> Can't load log handler "java.util.logging.FileHandler"
INFO   | jvm 1    | 2016/06/01 04:53:54 | DSD> java.io.IOException: Couldn't get lock for F:/SymantecDLP/Protect/logs/debug/DetectionServerDatabase%g.log
INFO   | jvm 1    | 2016/06/01 04:53:54 | DSD> java.io.IOException: Couldn't get lock for F:/SymantecDLP/Protect/logs/debug/DetectionServerDatabase%g.log
INFO   | jvm 1    | 2016/06/01 04:53:54 | DSD> at java.util.logging.FileHandler.openFiles(FileHandler.java:422)
                    
===================+++++++++++++++++++++++=====================

Cause

This is an issue inherent to the JRE 8 update 20 bundled with DLP 14.0, 14.0.1 and 14.0.2. There are no hotfixes available for this issue, as the JRE is not updated in release updates or hotfixes. The issue will be fixed in an updated version of the JRE in the next major release of Symantec Data Loss Prevention.

Resolution

Temporary Solution: The solution is to stop all the Vontu services on the detection server, delete all LCK files from \SymantecDLP\Protect\logs and \SymantecDLP\Protect\logs\debug folders to manually release the lock and then start the Vontu services again.

Permanent Solution: Upgrade DLP Enforce and Detection servers to at least 14.5 version or latest available. DLP version 14.5 and above uses JRE 8 update 51, where this issue is fixed.