DLP Enforce REST API: "500 Internal Server Error"
search cancel

DLP Enforce REST API: "500 Internal Server Error"

book

Article ID: 434556

calendar_today

Updated On:

Products

Data Loss Prevention API Detection Data Loss Prevention

Issue/Introduction

When executing REST API commands against the DLP Enforce Server, the API client receives an HTTP 500 Internal Server Error. 

Snippet from localhost Logs

[Date and Time]- Thread: [ID] FINE [com.symantec.dlp.incidentdomainservices.IncidentComponentStreamer] Downloaded the component: [ID] for incidentid: [ID] from database. [Date and Time]- Thread: [ID] WARNING [org.apache.coyote.http11.Http11Processor] The HTTP response header [Content-Disposition] with value [attachment;filename=...] has been removed from the response because it is invalid
Cause: java.lang.IllegalArgumentException: The Unicode character [?] at code point [54,868] cannot be encoded as it is outside the permitted range of 0 to 255

Snippet from localhost_access Logs:

[IP Address] - - [Date and Time] "GET /ProtectManager/webservices/v2/incidents/[ID]/components/[ID] HTTP/1.1" 500 709 "-" "python-requests/2.32.4"
[IP Address] - - [Date and Time] "GET /ProtectManager/webservices/v2/senderRecipientPattern/[ID] HTTP/1.1" 500 709 "-" "axios/1.13.5"

Environment

DLP 16.x
Enforce Rest API

 

 

Cause

The Enforce Server is overloaded due to high-verbosity logging (e.g., FINEST or ALL) enabled in the configuration files. Excessive disk I/O and CPU usage from logging every transaction can cause the Tomcat service (which manages the API) to hang or timeout, resulting in a 5xx series server error.

 

Resolution

 

Revert Logging Level to INFO

Navigate to the Enforce configuration directory and revert the logging levels to the default value.

  • Windows Path: C:\Program Files\Symantec\DataLossPrevention\EnforceServer\<version>\Protect\config

  • Linux Path: /opt/Symantec/DataLossPrevention/EnforceServer/<version>/Protect/config

  1. Open the ManagerLogging.properties file.

  2. Locate the following lines and change FINEST back to INFO

    # Revert the following from FINEST to INFO
    com.vontu.logging.ServletLogHandler.level = INFO
    com.vontu.level = INFO
    com.symantec.dlp.level = INFO
    org.apache.juli.FileHandler.level = INFO

  3. Restart Enforce Services
  4. Verify the fix

Retry the REST API command from your client (e.g., Postman or cURL). The 500 Internal Server Error should no longer occur once the logging overhead is removed.

Additional Information

Reference: Broadcom Knowledge Base Article 159534 - Increase DLP Manager service logging levels.

Powered by Wolken Software