Video Screencast Help

DLP Network Prevent for Web and TMG

Created: 21 Aug 2014 • Updated: 26 Aug 2014 | 12 comments
This issue has been solved. See solution.

Good day!

I installed DLP 12.5 and detection server Network Prevent for Web. I'm trying to integrate it with TMG 2010 Enterprise. I installed symc_tmg_plugin on TMG and configured it. I see in WebPrevent_Access0.log requests GET and POST, but in web console DLP I don't see messages for server Network Prevent for Web. What is the problem? Please, help me!

Operating Systems:

Comments 12 CommentsJump to latest comment

Sym_DLP's picture

Hi,

What do you mean by Messages, do you mean the traffic? or do u mean you are not able to see any incidents?

(Assuming you have integrated properly)

If it is Incidents,Please ensure that you have applied few policies for this Detection server(Check your Policy grous and Policies)

If you are talking about the Messages in the System overview page, Then recycle the server from the System overview page,you will be able to get messages if everything is cofigured well.

VeronikaStr's picture

Thank you for reply!
I am talking about Messages in the System overview page. I was trying to recycle the server but it didn't help. Wherein I see in log file WebPrevent_Access0.log strings with requests POST. Where may be an error in settings?

RemezRA's picture

Hello VeronikaStr,

Try to generate a violation of  DLP policy and verify that appear new incident and messages on Servers>Overview or System>Servers>Traffic>Network Prevent for Web. If All right - should appear new message and the incident!!! If not, check the settings.

Trust me. I am engineer!

VeronikaStr's picture

Hi!
Number of messages should increase in proportion to all traffic or just the part that falls under the policy?

RemezRA's picture

Hi!

Number of messages = number of Web requests from TMG sym plugin (for example - PUT,POST and other)

Trust me. I am engineer!

VeronikaStr's picture

Thank you! It means that Number of messages= Number of strings of log file WebPrevent_Access0.log?

RemezRA's picture

No, Number of strings of log file WebPrevent_Access0.log much more than Number of messages)

Trust me. I am engineer!

VeronikaStr's picture

Ok. I can see in real time the number of rows is increased but the number of messages does not change. It is normally?

Sym_DLP's picture

As per my understanding ,It is normal that there may be a huge difference in the number of messages and Number of strings in the Log file.I have faced this with my Endpoint Prevent component.

To cross check i have created few policy violations and have seen them coming as incidents , which really matters to me.

SOLUTION
VeronikaStr's picture

Ok!
Can you give an example of the policy, which is easy to check?

RemezRA's picture

Hi VeronikaStr,

yes, It is normal. Can you try to create few policy violations? Do you see new incidents?

Trust me. I am engineer!

Sym_DLP's picture

Try to violate any of your default policies you are using for your Web Prevent component.You should be getting an incident.