Unexpected Server Error when viewing the Audit Logs page in the DLP Enforce Console

Article ID: 277751

Products

Data Loss Prevention Core Package, Data Loss Prevention Enforce, Data Loss Prevention Enterprise Suite

Issue/Introduction

When you open the System -> Servers and Detectors -> Audit Logs page in the DLP Enforce Console, the error "Unexpected server error has occurred. Please refer to log for details." is displayed and no log events are shown.

Environment

DLP Enforce 16.0.1 (RU1) and above

Cause

The issue occurs when the View incidents privilege is not enabled for the DLP role.

The DLP Enforce localhost logs contain the following:

04 Jan 2024 21:37:29,930- Thread: 172 WARNING [com.symantec.dlp.incidentwebapi.IncidentApiRestErrorHandler] User does not have any of these privilege(s), having at least one is required: view_incidents
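
To confirm this cause across a whole localhost log, the warning can be filtered out programmatically. The following is an added example, not Broadcom or Symantec code: the line layout is inferred only from the single log line quoted above, and the comma-separated privilege list is an assumption.

```python
import re
import sys
from datetime import datetime

# Layout inferred from the localhost log line quoted in this article:
# "<dd Mon yyyy HH:MM:SS,mmm>- Thread: <n> <LEVEL> [<logger>] <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{2} \w{3} \d{4} \d{2}:\d{2}:\d{2},\d{3})- "
    r"Thread: (?P<thread>\d+) (?P<level>\w+) "
    r"\[(?P<logger>[^\]]+)\] (?P<msg>.*)$"
)
DENIED_RE = re.compile(
    r"User does not have any of these privilege\(s\), "
    r"having at least one is required: (?P<privs>.+)$"
)
HANDLER = "com.symantec.dlp.incidentwebapi.IncidentApiRestErrorHandler"

# Constructed sample: the first line is the one quoted in this article,
# the other two are made up to show what the filter ignores.
SAMPLE = [
    "04 Jan 2024 21:37:29,930- Thread: 172 WARNING [" + HANDLER + "] "
    "User does not have any of these privilege(s), "
    "having at least one is required: view_incidents",
    "04 Jan 2024 21:37:30,101- Thread: 172 INFO [constructed.example.Logger] unrelated",
    "a continuation line that does not match the layout",
]


def find_privilege_denials(lines):
    """Return one dict per privilege-denial warning from the incident web API."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["logger"] != HANDLER:
            continue
        d = DENIED_RE.search(m["msg"])
        if not d:
            continue
        hits.append({
            "time": datetime.strptime(m["ts"], "%d %b %Y %H:%M:%S,%f"),
            "thread": int(m["thread"]),
            # Assumption: several required privileges would be comma separated.
            "required": [p.strip() for p in d["privs"].split(",") if p.strip()],
        })
    return hits


if __name__ == "__main__":
    # Pass the path of a localhost log file, or run without arguments to use SAMPLE.
    source = open(sys.argv[1], errors="replace") if len(sys.argv) > 1 else SAMPLE
    for hit in find_privilege_denials(source):
        print(hit["time"].isoformat(), "thread", hit["thread"], "requires one of", hit["required"])
```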

Resolution

Edit the DLP role, add the View incidents privilege, and save the role. Log out of the Enforce Console and log back in for the change to take effect.

Update: Starting with DLP 16.0.2 (RU2), Incident view access is no longer required to view audit logs in Enforce.

Additional Information

https://techdocs.broadcom.com/us/en/symantec-security-software/information-security/data-loss-prevention/16-0-1/Manage-the-Enforce-Server/managing-system-events-and-messages/using-audit-logs-for-dlp.html