FileReader Restarting Excessively when processing CAD files
search cancel

FileReader Restarting Excessively when processing CAD files

book

Article ID: 252850

calendar_today

Updated On:

Products

Data Loss Prevention Core Package Data Loss Prevention Network Email Data Loss Prevention

Issue/Introduction

Some CAD files would fail to process and emails would fail to complete processing. Corresponding Email message IDs are not found in the logs, but the upstream MTA shows as sending the message.

Evidence was not found in the logs of file reader crashing on the .dwg file. But on subsequent files, it showed:

Class: com.vontu.messaging.chain.ContentExtractionChainObserver
Method: handleFailure
Level: WARNING
Message:  Recording Message processing failure due to ContentExtractionTimeoutException

Class: com.vontu.messaging.chain.TimeoutHandler
Method: handleTimeout
Level: WARNING
Message:  (DETECTION.12) Message chain #7 has exceeded the component timeout in Message Text Extractor. If it hasn't stopped processing in 30 more seconds this process will restart. Working on item RequestProcessor.2, total data length: 0

Class: com.vontu.messaging.chain.MessageChainPool
Method: stopChains
Level: WARNING
Message:  Message chain #8 didn't stop processing the message.

 

To troubleshoot this enable FINEST logging in the FileReaderLogging.properties

ApplicationMonitoringLogger.level = FINEST

And increased logging retention

You can then see the CAD files come in and the message ID in the logs.

Method: processBinaryComponent
Level: WARNING
Message:  Text extraction for <filename>.dwg failed, detecting on metadata only

Method: processMessageComponents
Level: WARNING
Message:  Content extraction for file [<FileName>.dwg] from email [Message-ID: <MessageID@Company Domain> Date: Applicable date and time +0000] failed.

Cause

In this case, the FileReader is not crashing, but it is being locked
Once X number of threads become locked, the FileReader cannot process subsequent files, and the FileReader restarts.

In this case, the thread was locking before DLP was able to log the event.
The Application Monitor log does log the process before it starts content extraction.

Once you identify what CAD file was causing the thread to lock, you are able to test with filter.exe.
In this case, you see that it would hang amd never clear.

Process Explorer showed that there were many threads open and frozen by filter.exe.
Process Explorer identified a subprocess in the filter.exe stack called OneAgent.

OneAgent is a monitoring tool from Dynatrace.
Once  all the threads were cleared, and OneAgent was removed, filter.exe was able to process the file correctly.

Resolution

Remove Dynatrace OneAgent from the Detection server.

 

Additional Information

Powered by Wolken Software