ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Manual changes to any logging.properties file on Enforce or Detection servers are ignored

book

Article ID: 186272

calendar_today

Updated On:

Products

Data Loss Prevention Network Monitor and Prevent for Email and Web

Issue/Introduction

You are trying to increase the sensitivity of the logging, either on Enforce or Detection servers by manually editing the appropriate logging.properties files, eg:
  • MonitorControllerLogging.properties
  • IncidentPersisterLogging.properties
  • FileReaderLogging.properties
  • etc
Even after restarting the appropriate service however, the changes made in the *Logging.properties file are ignored. Only INFO, WARNING and SEVERE level log messages continue to appear in the log file.

Cause

The logging level has, at some point in the past, been set from the Enforce console from the System | Servers and Detectors | Logs menu by selecting the Configuration tab and choosing 'Restore Defaults' from the Diagnostic Logging Setting drop-down menu.

Environment

Release : 15.x, 14.6

Resolution


1. Locate the relevant file path:
Enforce Server: C:\ProgramData\Symantec\DataLossPrevention\EnforceServer\15.5\LoggingConfigurationOverwrite
Detection Server: C:\ProgramData\Symantec\DataLossPrevention\DetectionServer\15.5\LoggingConfigurationOverwrite

2. Delete the LoggingConfigurationOverwrite folder and its contents
3. Restart the SymantecDLP service(s)

You can now make manual changes to the logging.properties files you need and they will be active after the corresponding DLP service has been restarted.