The customer has observed issues with the incident queues, incidents are either not persisting or slow to persist to the database. The default logs from Enforce are not providing any indication what the problem is and you need to implement debug logging for incident persister.

To increase the log levels for Incident Persister, edit the file IncidentPersisterLogging.properties:

WIndows: C:\Program Files\Symantec\DataLossPrevention\EnforceServer\<version>\Protect\config
Linux: /opt/Symantec/DataLossPrevention/EnforceServer/<version>/Protect/config

- Make a backup copy of IncidentPersisterLogging.properties
- Modify the following settings to:

java.util.logging.FileHandler.level = FINEST
com.vontu.util.jdbc.JDBCLogHandler.level = FINEST
com.vontu.incidenthandler.level = FINEST
com.vontu.incidenthandler.message.level = FINEST
com.vontu.incidenthandler.message.persist.level = FINEST
com.vontu.incidenthandler.IncidentBacklogMonitorTask.level = FINEST

In that same file you might also want to increase the number of incident persister files it keeps before rotating from 5 to 15.

java.util.logging.FileHandler.count = 15

Restart Incident Persister Service to apply the changes.