The DLP Network Monitor was recently upgraded to the 12.5.2 release. After the upgrade completed, the filereader and packet capture services stopped on the network monitor. Running the root upgrade script on the network monitor server does not resolve the issue. An error is recorded in the filereader log indicating that the path for the catalog files could not be accessed. The DLP Network Monitor is installed on Red Hat Linux.
Aug 11, 2015 com.vontu.messaging.FileReaderSetup initialize
SEVERE: (DETECTION.3) Failed to initialize Detection
com.vontu.util.config.InvalidPropertyValueException: The value "/var/SymantecDLP/scan/catalog" of configuration property "com.vontu.discover.detectionserver.remediation.detection.catalog.folder" doesn't specify a valid folder.
Aug 11, 2015 com.vontu.logging.LocalLogWriter write
SEVERE: File Reader failed to start. Error starting File Reader. The value "/var/SymantecDLP/scan/catalog" of configuration property "com.vontu.discover.detectionserver.remediation.detection.catalog.folder" doesn't specify a valid folder. No incidents will be detected.
Aug 11, 2015 com.vontu.messaging.FileReader stop
INFO: (DETECTION.4) Detection is shutting down
The installation path for the DLP Network Monitor was changed after the upgrade completed. The specific path that was altered was the /var/SymantecDLP/scan catalog directory. After the path was altered, the filereader service could not access that directory and failed to start. The protect.properties file still listed the old install path for the detection server database and offline catalog files.
Verify the new install path for the catalog directory on the DLP Network Monitor after the upgrade has completed. Edit the protect.properties file using a text editor such as notepad or notepad++ and change the install paths for the catalog files to match the current DLP Monitor installation paths. Restart the Vontu services on the network monitor or reboot the server after making changes to the protect.properties file.
Protect.Properties File Catalog Paths
# The "home" for the DetectionServer database - same as the remediation detection catalog
com.vontu.detectionserver.database.home = /var/SymantecDLP/scan/catalog
# The location of offline catalog files on the discover.
com.vontu.discover.detectionserver.remediation.detection.catalog.folder = /var/SymantecDLP/scan/catalog
# The location of offline catalog files on the enforce.
com.vontu.discover.enforce.remediation.detection.catalog.folder = /var/SymantecDLP/scan/catalog
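A check for the verification step above, as an added example that is not part of the original article or Symantec's tooling: it reads the three catalog properties listed above from a protect.properties file and reports any that do not point at an accessible directory. The properties file location is passed as an argument because the article does not give it, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not Symantec code): validate the catalog paths in protect.properties.
# The file location is an argument; the article does not state where it lives.

CATALOG_KEYS="com.vontu.detectionserver.database.home
com.vontu.discover.detectionserver.remediation.detection.catalog.folder
com.vontu.discover.enforce.remediation.detection.catalog.folder"

# Print the value of property $2 in file $1 (last uncommented assignment wins).
get_property() {
    awk -v key="$2" '
        /^[ \t]*[#!]/ { next }
        {
            i = index($0, "=")
            if (i == 0) next
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", k)
            gsub(/^[ \t]+|[ \t\r]+$/, "", v)
            if (k == key) val = v
        }
        END { if (val != "") print val }
    ' "$1"
}

# Return 0 if every catalog property names a usable directory, 1 if not, 2 if unreadable file.
check_catalog_paths() {
    props="$1"; failed=0
    [ -r "$props" ] || { echo "cannot read $props" >&2; return 2; }
    for key in $CATALOG_KEYS; do
        dir=$(get_property "$props" "$key")
        if [ -z "$dir" ]; then
            echo "MISSING  $key"; failed=1
        elif [ ! -d "$dir" ]; then
            echo "INVALID  $key = $dir (not a directory)"; failed=1
        elif [ ! -r "$dir" ] || [ ! -x "$dir" ]; then
            echo "DENIED   $key = $dir (no read/search permission for $(id -un))"; failed=1
        else
            echo "OK       $key = $dir"
        fi
    done
    return $failed
}
```

Run it as the account the DLP services use, since root passes the permission test regardless of directory mode.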