search cancel

Disabling Java crash dumps for DLP services such as FileReader

book

Article ID: 213107

calendar_today

Updated On:

Products

Data Loss Prevention

Issue/Introduction

You want to disable Java crash dump generation for DLP services. This can be useful when unhandled exceptions are producing so many crash dumps that they are filling up a server's hard drive.

Environment

DLP 15.x

Resolution

To disable java crash dump generation you can use one of the following two methods:

  1. To disable java crash dumps on a specific service such as FileReader
    1. In the Enforce Console, navigate to the Detection server Advanced settings
    2. For JRE 8 and lower:
      1. Add a space followed by -XX:-CreateMinidumpOnCrash to the end of the BoxMonitor.FileReaderMemory settings field as shown below:

    3. For JRE 9 and higher
      1. Add a space followed by -XX:-CreateCoredumpOnCrash to the end of the BoxMonitor.FileReaderMemory settings field, similar to what is shown above.
    4. Save and restart the Detection Server service
  2. To disable java crash dumps on all java based detection server services:
    1. For JRE 8 and lower:
      1. Add the following line to SymantecDLPDetectionServer.conf (ensure that the highlighted number does not conflict with another parameter's number)
        wrapper.java.additional.300 = -XX:-CreateMinidumpOnCrash
    2. For JRE 9 and higher:
      1. Add the following line to SymantecDLPDetectionServer.conf (ensure that the setting number does not conflict with another parameter's number)
        wrapper.java.additional.300 = -XX:-CreateCoredumpOnCrash 
    3. Save and restart the Detection Server service

For Linux, to disable core dumps, login to the server as the root user and enter the following command:

ulimit -c 0

Additional Information

1. The file SymantecDLPDetectionServer.conf mentioned in Step 2 is located on the Detection server at below path:
 C:\Program Files\Symantec\DataLossPrevention\DetectionServer\Services

Don't get confused with SymantecDLPDetectionServerController.conf(this is on Enforce).

2. Also note that the line that needs to be added is different based on the JRE version.
To check the JRE version, open cmd as admin and type: <Path to java.exe in JRE folder used by DLP> -version

Example for 15.8(output showing JRE version 8):

>"C:\Program Files\AdoptOpenJDK\jre-8.0.275.1-hotspot\bin\java.exe" -version
openjdk version "1.8.0_275"
OpenJDK Runtime Environment (AdoptOpenJDK)(build 1.8.0_275-b01)
OpenJDK 64-Bit Server VM (AdoptOpenJDK)(build 25.275-b01, mixed mode)

Attachments