Incidents from the DLP Cloud Service are stuck in queue

Article ID: 254156

Products

Data Loss Prevention Cloud Service for Email, Data Loss Prevention Cloud Detection Service, Data Loss Prevention Cloud Detection Service for REST, Data Loss Prevention Cloud Detection Service for ICAP, Data Loss Prevention, Data Loss Prevention Cloud Package

Issue/Introduction

Incidents from the Cloud Service are not reaching your Enforce Server console, and incidents frequently back up in the Incident Queue.

Restarting the DetectionServerController service appears to temporarily address the issue.

Environment

Release: 15.8 MP2 or earlier

Cause

The SymantecDLPDetectionServerController service on the Enforce Server (also known as the MonitorController service) coordinates data shipping to and from all Detection Servers, including Cloud Detectors.

Although it is possible to improve performance by increasing the memory allocated to the service, there are also some known issues affecting the Enforce Server services in versions prior to 15.8 MP3.

Resolution

Apply 15.8 MP3 to obtain the specific fixes described below.

The first fix is the most significant, as it corrects an issue with connectivity to the Cloud Service:

CRE-10171 -- The DetectionServerControllerService service sometimes lost the connection to the Cloud Service Gateway during a local Oracle database outage and then failed to reconnect later. You had to restart the DetectionServerControllerService to reestablish the connection.

Second fix:

CRE-10054 -- Failed database connections used by the Enforce Manager, Incident Persister, and DetectionServerController services were not removed from the database connection pool which resulted in connection pool exhaustion and service outages until the affected services were restarted.

Third fix:

CRE-10105 -- Applied a fix for the Oracle ojdbc7.jar driver issue 20960881 that caused a java.net.IOException Checksum fail exception which affected several key services.

The above details are given on pp. 6-7 of the release notes:

Symantec_DLP_15.8_MP3_Release_Notes.pdf (broadcom.com)

Additional Information

DLP version 15.8 is supported until the end of calendar year 2023, as per this advisory: End of Service dates for Symantec Data Loss Prevention.

Broadcom Technical Support strongly recommends applying this patch to 15.8 as soon as possible.