New IDM not indexing after upgrade of Data Loss Prevention

book

Article ID: 170018

calendar_today

Updated On:

Products

Data Loss Prevention Enforce

Issue/Introduction

After upgrading the OS and Data Loss Prevention (DLP), a newly created IDM will not index.
Create the new IDM, the green bar appears, however files never index.

Thread: 81 INFO [com.vontu.profiles.manager.InfoSourceIndexJob] Indexing InfoSource Job begin executing

Thread: 81 FINE [com.vontu.model.Model] model.transaction.begin.success

Thread: 81 FINE [com.vontu.model.Model] database.nativequery.success

Thread: 113 FINE [com.vontu.model.Model] model.transaction.begin.success

Thread: 113 FINER [com.vontu.model.Model] data.instantiation.success

Thread: 81 FINE [com.vontu.model.Model] model.transaction.commit.success

Thread: 113 FINE [com.vontu.model.Model] data.persist.success

Thread: 81 INFO [com.vontu.cracker.jni.NativeContentExtractionEngine.HostManager] [1054848768] Launched a new host process, id: 27270800-4b43-4802-b72a-08af9b20406a, pid: 7620 HostManager.cpp 124

 Thread: 81 WARNING [com.vontu.cracker.jni.NativeContentExtractionEngine.HostManager] [1054848768] OS Error: 0, Exception thrown from : PipeLinuxImpl.cpp(144) HostManager.cpp 331

Thread: 81 SEVERE [com.vontu.cracker.jni.NativeContentExtractionEngine.HostManager] [1054848768] Handshake failed with CE host., Exception thrown from : HostManager.cpp(128) HostManager.cpp 153

Thread: 81 SEVERE [com.vontu.cracker.jni.NativeContentExtractionEngine.ContentExtractionEngine] [1054848768] Exception caught during starting up host manager. ContentExtractionEngineImpl.cpp 75

Thread: 113 FINE [com.vontu.model.Model] model.transaction.commit.success

Thread: 81 SEVERE [com.vontu.profiles.manager.InfoSourceIndexCreator] Indexing failed. Trigger Name: 6283_DATA_SOURCE_INDEX_TRIGGER IDs: [[email protected]

Cause:

com.vontu.cracker.jni.NativeException: Failed to start Engine

com.vontu.cracker.jni.NativeException: Failed to start Engine

at com.vontu.cracker.jni.NativeContentExtractionEngine.create(Native Method)

at com.vontu.cracker.jni.NativeContentExtractionEngine.<init>(NativeContentExtractionEngine.java:76)

at com.vontu.cracker.jni.EngineContext.<init>(EngineContext.java:39)

at com.vontu.cracker.NativeExtractionEngine.<init>(NativeExtractionEngine.java:60)

at com.vontu.cracker.NativeExtractionEngine.<init>(NativeExtractionEngine.java:40)

at com.vontu.profiles.manager.document.ContentExtractionProvider.<init>(ContentExtractionProvider.java:40)

at com.vontu.profiles.manager.document.ContentExtractionProviderFactory.createContentExtractionProvider(ContentExtractionProviderFactory.java:77)

at com.vontu.profiles.manager.document.ContentExtractionServiceForDocumentIndexer.reset(ContentExtractionServiceForDocumentIndexer.java:59)

at com.vontu.profiles.manager.document.ContentExtractionServiceForDocumentIndexer.<init>(ContentExtractionServiceForDocumentIndexer.java:44)

at com.vontu.profiles.manager.document.ContentExtractionServiceForDocumentIndexer.getInstance(ContentExtractionServiceForDocumentIndexer.java:71)

at com.vontu.profiles.manager.document.DocumentSourceIndexCreator.getDocumentExtractor(DocumentSourceIndexCreator.java:1324)

at com.vontu.profiles.manager.document.DocumentSourceIndexCreator.<init>(DocumentSourceIndexCreator.java:163)

at com.vontu.profiles.manager.InfoSourceIndexCreator.indexListOfDataSources(InfoSourceIndexCreator.java:231)

at com.vontu.profiles.manager.document.DocumentSourceIndexJob.index(DocumentSourceIndexJob.java:31)

at com.vontu.profiles.manager.InfoSourceIndexJob.execute(InfoSourceIndexJob.java:75)

at org.quartz.core.JobRunShell.run(JobRunShell.java:213)

at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:557)

Cause

The Content Extraction Engine on the Linux system cannot start.
This was due to missing libraries apr-util, compat-db47
 

Environment

DLP 14.6
Redhat 7.4

Resolution

Installed the missing libraries.

https://support.symantec.com/en_US/article.TECH237088.html
 

  1. To get  a more detailed error message on why the content extraction engine cannot start we will launch it manually as the “protect”  linux user.
  2. Sudo into the protect linux user  with  command  su  -  protect
  3. Navigate to the  content extraction engine default path: /opt/SymantecDLP/Protect/lib/native folder.
  4. Run the content extraction engine manually with the  ./ceh   command as protect user.
  5. The content extraction engine will throw a more detailed error on why it cannot start,  90% of the time it is missing a library or  .so  file,  it will tell you which one. You can run lld ceh command to see what libraries are missing as well.
  6. You will have to then install the  RPM that contains the missing library,  once this is done run the   ./ceh command again,   and if it returns a blank screen without any errors, it has loaded correctly and is ready to run.
  7.  You may start the VontuMonitor service now on the detection server and monitor the Filereader log when starting with the    >   tail-f  /var/log/SymantecDLP/debug/FileReader0.log  file command.