Warning 'Rejecting the files from enforce_receiving being received due to overload on folder <ServerName> (IPAddress):filereader for the sub-system CatalogItemWriterSubsystem' during Network Discover Scan

book

Article ID: 206776

calendar_today

Updated On:

Products

Data Loss Prevention Enforce Data Loss Prevention Network Discover

Issue/Introduction

Discover scans run more slowly than expected and you see the following warnings on the Enforce in the MonitorController(n).log files:

com.vontu.communication.services.file.receiver.FileReceivingHandler newFileShipmentAvailable
WARNING: Rejecting the files from enforce_receiving being received due to overload on folder <ServerName> (IPAddress):filereader for the sub-system CatalogItemWriterSubsystem. Sender will retry sending the file at a later time.

Cause

This is a sign that the Enforce and/or Oracle database are having trouble keeping up with Automatic Remediation Tracking. Options for ART are found on a discover scan target's Advanced Tab. By default, only the "Item No Longer Exists" option is selected as shown in the screenshot below:

The enforce_receiving folder for the CatalogItemWriterSubsystem is the directory on Enforce that contains .cat files that are received from Discover scans and processed by IncidentPersister, typically found at:

C:/ProgramData/Symantec/DataLossPrevention/EnforceServer/<ver>/scan/catalog/enforce_receiving/

 

Environment

DLP 15.x

Resolution

Option 1

If you want to continue to automatically resolve incidents based on the Discover Scan targets' "Remediation Detection Preferences":

You can either ignore this message, since the .cat files will automatically be sent once the number of files in the ART catalog enforce_receiving directory goes below the limit. Or, you can increase the number of files that can be held in the enforce_receiving subdirectory on Enforce. By default, this is set to 15000:

  1. On Enforce edit Protect.properties, typically found within C:\Program Files\Symantec\DataLossPrevention\EnforceServer\<ver>\Protect\config
  2. Increase the com.vontu.discover.detectionserver.remediation.detection.comm.maxfiles parameter to the desired value.
  3. Save Protect.properties
  4. Restart the Symantec Detection Server Controller service.
Option 2

If you do not want incidents to automatically resolve based on the "Remediation Detection Preferences" and/or you want to lessen the load on Enforce during scans to improve performance:

  1. On each Discover Scan target navigate to the Advanced Tab -> Remediation Detection Preferences
    1. Uncheck all options in this section and save the target.
 
 

Attachments