Log the IP address of the packet source in DLP Network Monitor

Article ID: 226823

Products

Data Loss Prevention, Data Loss Prevention Network Monitor

Issue/Introduction

Can the source IP address of ALL packets sent to the Symantec Data Loss Prevention (DLP) Network Monitor be logged?

Resolution

No, our logging will NOT capture the IP of ALL the packets sent to the NetMon server.

The closest available option is to set the Logger for StreamManager value in the PacketCaptureNativeLogging.properties file to either DEBUG or TRACE.

The PacketCapture log will then display the packet's source and destination IP addresses.

However, it will only log information for enabled protocols and for file types we are monitoring.
It does NOT log information for ALL packets pushed to the NetMon servers.

Changes to the PacketCaptureNativeLogging.properties file require a restart of the services on the NetMon server.