Video Screencast Help
Symantec Appoints Michael A. Brown CEO. Learn more.

Data Insight Lookup Plugin fails on v12

Created: 07 Jan 2014 • Updated: 08 Jan 2014 | 13 comments
ADILT's picture
This issue has been solved. See solution.

When attempting to use the lookup plugin button on the below incident:

Di1.png

 

Steps taken:

1. Configured connection from DLP to Data Insight in DLP

Di2.png

 

2. Configured Lookup plugin in DLP for:

Data_User=attr.data-owner-name
Business_Owner=attr.Business\ Owner
Data_User_Last_Access=attr.Data\ User\ Last\ Access
Data_User_Reads=attr.Data\ User\ Reads
Data_User_Writes=attr.Data\ User\ Writes

Di3.png

 

3. Configured Lookup Parameter Keys in DLP:

Incident
Message
Sender

Di4.png

 

4. Configured Modify Lookup Plugin Chain in DLP

Di5.png

 

5. Configured attributes in DLP

Business Owner
Data User Last Access
Data User Reads              
Data User Writes

Di6.png

 

6. Configured a Discover Report in DLP

Report id = 1320

Di7.png

 

7. Configured Data Insight connection to DLP

Di8.png

 

8. Configured and scanned windows filer on Data Insight (waited about a week for data user information to populate in Data Insight after scan)

Di9.png

 

9. Checked file for user information and found data owner info

Di10.png

Di11.png

 

Still DLP lookup fails. 

 

Any help?

Operating Systems:

Comments 13 CommentsJump to latest comment

DLP Solutions's picture

Did you import the DLP Web certificate in to the Data Insight keystore? If not the communication will not work.

See the enclosed file...

Hope this makes sense.

If this solves your questions please marked as solved.

Ronak

AttachmentSize
Data Insight Certificate.pdf 468.43 KB

Please make sure to mark this as a solution

to your problem, when possible.

 

ADILT's picture

DLP Solutions, I followed the instructions in the document you provided but still no luck. Plug in still fails with:

 

General
Type Severe   Time Jan 8, 2014 12:20:41 PM
Server Enforce Server   Host 127.0.0.1

 

Message
Code 2115
Summary Custom attribute lookup failed
Detail Failed to instantiate lookup plug-in com.vontu.lookup.datainsight.DataInsightLookup. It was unloaded. Error message: Unable to retrieve info from Data Insight     

 

DLP Solutions's picture

When you Tested the DI connection to DLP.. did it work? I see DLP to DI worked.

I would enable the Lookup Logging setting for the enforce server (System > Logs> Configuration Tab >Custom Attribute Lookup Logging).. then try it again.

This will increase the logging on the enforce server.. then look at the tomcat logs.. lots of info then.

Hope this makes sense.

If this solves your questions please marked as solved.

Ronak

Please make sure to mark this as a solution

to your problem, when possible.

 

ADILT's picture

Below is the log with minor sanitation:

08 Jan 2014 16:27:21,270- Thread: 115 FINE [com.vontu.enforce.workflow.attributes.CustomAttributeLookup] Invoking attribute lookup using com.vontu.lookup.datainsight.DataInsightLookup: {Phone=null, discover-repository-location=//x.x.x.44/MyShare~1/sample-data22.txt, subject=null, Sender Email=null, Data User Writes=null, date-detected=Tue Jan 07 13:24:32 EST 2014, incident-id=590, discover-name=sample-data22.txt, endpoint-volume-name=null, data-owner-email=null, discover-content-root-path=//x.x.x.44/MyShare~1, file-create-date=Mon Jan 06 15:39:30 EST 2014, Region=null, Employee Code=null, endpoint-application-name=null, Manager First Name=null, path=//x.x.x.44/MyShare~1/sample-data22.txt, Assigned To=null, Business Unit=null, Manager Last Name=null, endpoint-application-path=null, Department=null, discover-location=//x.x.x.44/MyShare~1/sample-data22.txt, Data User Last Access=null, endpoint-dos-volume-name=null, protocol=File System, Resolution=null, file-owner=null, file-access-date=null, date-sent=Mon Jan 06 15:39:30 EST 2014, Postal Code=null, Business Owner=null, endpoint-file-name=null, file-modified-by=null, Country=null, endpoint-file-path=null, Manager Email=null, HostName=null, discover-extraction-date=null, plugin-chain-id=0, Manager Phone=null, file-created-by=null, discover-server=x.x.x.44, Data User Reads=null, data-owner-name=null, Dismissal Reason=null, Last Name=null, First Name=null, file-owner-domain=null}.

08 Jan 2014 16:27:21,322- Authentication error: Unable to respond to any of these challenges: {}
08 Jan 2014 16:27:21,345- Authentication error: Unable to respond to any of these challenges: {}
08 Jan 2014 16:27:21,345- Thread: 395 WARNING [com.vontu.matrixcommunication.lookupinvocation.FilePathInfoRequestHandler] Problem executing request
Cause:
com.vontu.matrixcommunication.api.MatrixLoginException
com.vontu.matrixcommunication.api.MatrixLoginException
at com.vontu.matrixcommunication.util.ResponseStatusEvaluator.interpretResponseStatus(ResponseStatusEvaluator.java:28)
at com.vontu.matrixcommunication.util.ResponseStatusEvaluator.checkCorrectCredentials(ResponseStatusEvaluator.java:14)
at com.vontu.matrixcommunication.DataInsightRequestor.issueRequest(DataInsightRequestor.java:103)
at com.vontu.matrixcommunication.DataInsightRequestor.reissueRequest(DataInsightRequestor.java:92)
at com.vontu.matrixcommunication.DataInsightRequestor.handleLoginFailure(DataInsightRequestor.java:83)
at com.vontu.matrixcommunication.DataInsightRequestor.sendRequestToServer(DataInsightRequestor.java:72)
at com.vontu.matrixcommunication.DataInsightRequestor.makeRequest(DataInsightRequestor.java:40)
at com.vontu.matrixcommunication.lookupinvocation.GetFilePathInfoRequestor.makeRequest(GetFilePathInfoRequestor.java:42)
at com.vontu.matrixcommunication.lookupinvocation.FilePathInfoRequestHandler.handleRequest(FilePathInfoRequestHandler.java:42)
at com.vontu.matrixcommunication.lookupinvocation.DataInsightLookupCommunicatorImpl.getFilePathInfo(DataInsightLookupCommunicatorImpl.java:50)
at com.vontu.lookup.datainsight.DataInsightAttributeLookup.lookupAttributes(DataInsightAttributeLookup.java:72)
at com.vontu.lookup.datainsight.DataInsightLookup.lookupAttributeValues(DataInsightLookup.java:28)
at com.vontu.enforce.workflow.attributes.CustomAttributeLookup$1.call(CustomAttributeLookup.java:395)
at edu.oswego.cs.dl.util.concurrent.FutureResult$1.run(FutureResult.java:75)
at com.vontu.util.concurrent.TimedCallablePool$Worker.run(TimedCallablePool.java:392)
 
 
 
 
The main issue I do is is:
08 Jan 2014 16:27:21,322- Authentication error: Unable to respond to any of these challenges: {}
 
Cause:
com.vontu.matrixcommunication.api.MatrixLoginException

 

 

Still have issue

ADILT's picture

Also, as you can see DI connection to DLP tests successfully:

Di12.png

DLP Solutions's picture

Adilt,

Try the following:

  1. In the DLP console change the username that you use to log in to the DI console, I would try not to use Administrator but a persons account.
  2. If that does not work then use the following format "<domain>\<username>"

 

Hope this makes sense.

If this solves your questions please marked as solved.

Ronak

Please make sure to mark this as a solution

to your problem, when possible.

 

SOLUTION
ADILT's picture

Thank you very much DLP Solutions,

I was able to get it working after:

1. Updated DNS with Enforce and Data Insight A records and PTR

2. Changing the DLP to Data Insight, Data Insight login user to <domain.com>\<username>

Di13.png

 

Now it works. Even if Data Insight does not have any audit information on a file, it still works. If there is audit info then it populates it as requested.

 

Thank you again.

DLP Solutions's picture

ADILT,

Glad I coule help.. can you tell me what fixed the issue.

Aslo make sure to revert the log settings back to default on the Enforce server..

Hope this makes sense.

 

Ronak

Please make sure to mark this as a solution

to your problem, when possible.

 

haroldvm89's picture

Excellent info for configuring and troubleshooting Data Insight!!! 

Thanks! :)

haroldvm89's picture

Hello everyone!

I'm having a problem, when autheticating DLP on DI.

Error_DI_DLP.png

Anyone knows a possible solution for this? I'm stuck

Thanks!

 

DLP Solutions's picture

Try the following:

  1. In the DLP console change the username that you use to log in to the DI console, I would try not to use Administrator but a persons account.
  2. If that does not work then use the following format "<domain>\<username>"

 

Hope this makes sense.

If this solves your questions please marked as solved.

Ronak

Please make sure to mark this as a solution

to your problem, when possible.

 

haroldvm89's picture

Hi DLPSolutions!

Thanks for the info, but it's not working for me. 

Does this problem could be related with SSL certificate (See link) when importing from DLP to DI?

https://www-secure.symantec.com/connect/forums/enf...

 

Thanks!

 

 

DLP Solutions's picture

This coule be your problem.. You will need to exchange the certs on both servers.

So you will need to import the cert for DLP into DI and DI into DLP.

One is easier than the other..

I have attached a document that helps with the process to make sure they can communicate.

Hope this makes sense.

If this solves your questions please marked as solved.

Ronak

AttachmentSize
Data Insight Certificate.pdf 468.43 KB
Data Insight SSL Cert.pdf 1.26 MB

Please make sure to mark this as a solution

to your problem, when possible.