search cancel

Event Code 3007 - Failed to remove orphaned file in DLP

book

Article ID: 200108

calendar_today

Updated On:

Products

Data Loss Prevention Endpoint Discover Data Loss Prevention Data Loss Prevention Network Discover

Issue/Introduction

Symantec Data Loss Prevention (DLP)
Network or Endpoint Discover

This issue occurs after the Detection server is rebooted, or the FileReader service restarts.

The FileReader logs shows many warnings about failing to remove orphaned files, referring to remote indexes.

WARNING: Failed to remove orphaned file. ..LegacyEndpointDocSource.16592.9.rdx

The warnings include DocSource rdx files, EndpointDocSource rdx files, and LegacyEndpointDocSource rdx files.

The "ls -al" command in the "/var/vontu/drop_pcacp/symdlp/ServerPlatformCommon/15.5/index" directory shows many duplicate rdx files.
The duplicates start with a ".", the rest of the file name is identical.

Example:

-rwx------. 2 SymantecDLP SymantecDLP   19028384 Jul 14 12:57 .DataSource.1.16552.572.rdx.0
-rwx------. 2 SymantecDLP SymantecDLP   19028384 Jul 14 12:57 DataSource.1.16552.572.rdx.0

Cause

This is being caused by a failure to gracefully stop the Detection server services.

Environment

Release : 15.5 MP2 and 15.7

Component : FileReader

Resolution

Development has included the fix in the next major release.

Powered by Wolken Software