Incident Persister is running but not persisting any incident. Incidents are backed up (in queue) on Enforce and all Detection servers.

Incidents are being stored in external storage.

Release : 15.5

Component : Incident Persister

IncidentPersistor_0.log shows the following error:

Feb 22, 2022 2:22:22 PM (SEVERE) Thread: 87 [com.vontu.util.filesystem.DirectoryPermissionsDeterminer.verifyDirectoryReadPermissions] Directory '\\<server>\dlp$' does not exist.
Feb 22, 2022 2:22:22 PM (SEVERE) Thread: 87 [com.vontu.util.filesystem.DirectoryPermissionsDeterminer.verifyDirectoryPermissions] Directory '\\<server>\dlp$' is not readable.
Feb 22, 2022 2:22:22 PM (SEVERE) Thread: 87 [com.vontu.incidenthandler.blob.MessageBlobWriteService.getBlobDirectory] 
com.vontu.incidenthandler.blob.IncidentBlobDirectoryInaccessibleException: Cannot access the incident blob externalization directory \\<server>\dlp$
 at com.vontu.incidenthandler.blob.MessageBlobWriteService.getBlobDirectory(MessageBlobWriteService.java:195)
 at com.vontu.incidenthandler.blob.MessageBlobWriteService.writeToDisk(MessageBlobWriteService.java:121)
 at com.vontu.incidenthandler.blob.MessageBlobWriteService.writeToDiskAndNotify(MessageBlobWriteService.java:111)
 at com.vontu.incidenthandler.blob.MessageBlobWriteService.persistMessageComponentsToDisk(MessageBlobWriteService.java:90)
 at com.vontu.incidenthandler.message.persist.convert.v14.MessageComponentLobConvertor.persistExtractedComponent(MessageComponentLobConvertor.java:88)
 at com.vontu.incidenthandler.message.persist.convert.v14.MessageComponentLobConvertor.createMessageComponentLob(MessageComponentLobConvertor.java:67)
 at com.vontu.incidenthandler.message.persist.convert.v145.MessageComponentProcessor.initializeMessageComponent(MessageComponentProcessor.java:210)
 at com.vontu.incidenthandler.message.persist.convert.v145.MessageComponentProcessor.createComponentsAndIncidents(MessageComponentProcessor.java:83)
 at com.vontu.incidenthandler.message.persist.v155.SerializableMessagePersister.persistDiscoverMessage(SerializableMessagePersister.java:295)
 at com.vontu.incidenthandler.message.persist.v155.SerializableMessagePersister.persistMessage(SerializableMessagePersister.java:99)
 at com.vontu.incidenthandler.message.persist.SerializableMessageDatabasePersistor.persistMessage(SerializableMessageDatabasePersistor.java:246)
 at com.vontu.incidenthandler.message.persist.SerializableMessageDatabasePersistor.persistMessage(SerializableMessageDatabasePersistor.java:105)
 at com.vontu.incidenthandler.message.persist.IncidentPersistingThread.run(IncidentPersistingThread.java:143)
 at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
 at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
 at java.lang.Thread.run(Thread.java:748)

There is an issue accessing the external storage.

1. Verify that the external storage directory exists and is accessible from the Enforce server and Database.
2. Create a "SymantecDLP" user on the external storage server with the same password as your Enforce Server "SymantecDLP" user to use with your external storage directory.