The Symantec Endpoint Protection Manager (SEPM) is not importing log files uploaded by SEP clients, and large numbers of .dat files are accumulating in the data\inbox\log subfolders (behavior, client, security, system, traffic) under the directory where SEPM is installed.
Client log importing has previously worked on this SEPM server.
This issue can be caused by old bcp.exe processes hanging in the background on the SEPM server. Bcp.exe is part of the Microsoft SQL Client Tools and is used by SEPM to import .dat log files uploaded from the client into the database.
SEPM will only initiate a fixed number of simultaneous bcp.exe processes, so if a bcp.exe process has hung in the background for any reason, this can prevent further logs from being uploaded.
Use Windows Task Manager or the Microsoft Sysinternals Process Explorer tool to check whether any bcp.exe child processes of SemSvc.exe (the SEPM service) are running in the background. Normally, a bcp.exe process started by SEPM should finish within a number of seconds. If there are bcp.exe child processes of SEPM that have been running for several days and are currently using 0% CPU, attempt to terminate these processes (or otherwise reboot the SEPM server, which should also resolve the problem).
After this, monitor the data\inbox\log\ subfolders to see if files are again being processed.
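The check and follow-up monitoring described above can also be scripted. The following PowerShell is an added example, not part of the original article and not a Symantec tool; the function names, the 24-hour age threshold and the 5-second CPU sample window are assumptions, and the SEPM install directory must be supplied by the administrator.

```powershell
# Added example: list bcp.exe children of SemSvc.exe and flag the ones that look hung.
function Get-StaleSepmBcp {
    param(
        [double]$MinAgeHours   = 24,  # assumed threshold for "old"
        [int]   $SampleSeconds = 5    # assumed window for the 0% CPU check
    )
    # Index running SemSvc.exe instances by PID so children can be matched.
    $sem = @{}
    Get-CimInstance Win32_Process -Filter "Name='SemSvc.exe'" |
        ForEach-Object { $sem[[int]$_.ProcessId] = $_ }
    if ($sem.Count -eq 0) { Write-Warning 'SemSvc.exe is not running'; return }

    $isChild = {
        param($p)
        $parent = $sem[[int]$p.ParentProcessId]
        # PIDs are reused, so the parent must also be older than the child.
        $parent -and $parent.CreationDate -le $p.CreationDate
    }
    # Total CPU time consumed so far, in 100 ns ticks.
    $cpu = { param($p) [double]$p.KernelModeTime + [double]$p.UserModeTime }

    $before = @(Get-CimInstance Win32_Process -Filter "Name='bcp.exe'" |
                Where-Object { & $isChild $_ })
    if ($before.Count -eq 0) { return }
    Start-Sleep -Seconds $SampleSeconds

    foreach ($b in $before) {
        $now = Get-CimInstance Win32_Process -Filter "ProcessId=$($b.ProcessId)"
        # Skip processes that finished (or whose PID was reused) during the sample.
        if (-not $now -or $now.CreationDate -ne $b.CreationDate) { continue }
        $age  = (Get-Date) - $b.CreationDate
        $used = (& $cpu $now) - (& $cpu $b)
        [pscustomobject]@{
            ProcessId = $b.ProcessId
            Started   = $b.CreationDate
            AgeHours  = [math]::Round($age.TotalHours, 1)
            CpuTicks  = $used
            Stale     = ($age.TotalHours -ge $MinAgeHours) -and ($used -eq 0)
        }
    }
}

# Count pending .dat files per log subfolder; run repeatedly to see whether the backlog drains.
function Get-SepmInboxBacklog {
    param([Parameter(Mandatory)][string]$SepmRoot)  # SEPM install directory
    foreach ($sub in 'behavior', 'client', 'security', 'system', 'traffic') {
        $dir = Join-Path $SepmRoot "data\inbox\log\$sub"
        $n = if (Test-Path $dir) { @(Get-ChildItem $dir -Filter *.dat -File).Count } else { $null }
        [pscustomobject]@{ Folder = $sub; DatFiles = $n }
    }
}
```

Run `Get-StaleSepmBcp | Format-Table` from an elevated prompt on the SEPM server; rows with `Stale` set to True are the candidates for termination, for example by piping them to `Stop-Process -Confirm`.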
One option for SEPM servers affected by this problem is to switch the log handling to a separate method that does not use bcp.exe. To force the use of only the built-in SEPM batch handler method, please follow the steps below:
Knowledge-base article TECH95166 also covers a number of causes of a similar problem relating to incorrect installations of the SQL Client Tools.