When attempting to create a web archive that has more than 10000 incidents, it creates the directory tree on disk but immediately completes without extracting any incidents.
The following error is displayed on the "incident_list.html".
The incident list is too big to display as it contains more than 10,000 incidents.
In DLP maximum number of incidents in a report exported using the Web Archiver is by default set to 10000, this limit can be changed depending on server CPU and RAM using a configuration file.
On the Enforce server locate the "Manager.properties" located at "<Install Drive>/Symantec/DataLossPrevention/EnforceServer\15.x./Protect/config/Manager.properties" and adjust the following settings:
#Incident caps to protect against out of memory problems
#The maximum number of incidents that may be displayed when clicking show all on an incident list page
com.vontu.manager.maxshowallincidents = 10000
#The maximum number of incidents allowed in a report exported using the Web Archiver
com.vontu.manager.maxwebarchiveincidents = 10000
#The maximum number of incidents allowed in a report exported through an Auto report email by data owner
com.vontu.manager.maxautodistributionincidents = 10000
Restart the Symantec DLP Manager service and retry the archive.
this functionality changed in dlp 16.0 and was returned with MP2 Hotfix 1
On 16.0 MP2 HF1, to export more than 10,000 incidents, go to:
Windows: <drive>:\Program Files\Symantec\DataLossPrevention\EnforceServer\<version>\Protect\config\Enforce.properties
And increase to value in the following setting: