Data Loss Prevention

  • 1.  JDBC Logging

    Posted May 04, 2015 04:58 AM

    I am experiencing more and more issues of users reporting they are not able to open incidents anymore.
    It's always the same behaviour: User clicks on an incident and gets the following error message:

    An unexpected error has occurred. This could be due to one of the following: 1) Your session timed out and you selected a link that was no longer valid, 2) You used the browser back or forward button placing the system into an inconsistent state, or 3) The system experienced a temporary problem.

    No incident data is displayed at all, just the red bar.
    It seems like the manager is not able to get the conditions of numerous incidents. After checking the logfiles, I found an entry for each attempt to open such an incident.
    As an example:

    30 Apr 2015 17:18:41,820- Thread: 23 WARNING [com.vontu.manager.report.snapshot.IncidentDetailPage] (MANAGER.200) Error generating match highlighting for incident 2'244'070, incident detail will be rendered without them
    Cause:
    com.vontu.manager.report.snapshot.matches.MatchHighlightingException: Error marking violating content for incident 2244070
    java.lang.IllegalArgumentException: Condition ID 2762 not present in policy [%POLICYNAME%

    I want to know what is going on and if I am able to fix this in one way or another.

    To do so, the thing I thought about was logging the JDBC and therefore SQL traffic between the DLP server and the database. I have tried to implement the log4jdbc module, but it's not really working properly.
    Just a few minutes ago, I discovered the potential built-in method to log JDBC in this forum topic (SystemDiagnostics.Do):
    http://www.symantec.com/connect/forums/incident-queue-backlogged-alert-1814

    Thing is, in 12.5.2 this does not seem to be available.
    Is there any other way to log JDBC communications of DLP in version 12.5.2?

     



  • 2.  RE: JDBC Logging

    Broadcom Employee
    Posted May 04, 2015 05:58 AM

    Is the policy still available on the detection server for which the incidents are generated?

     



  • 3.  RE: JDBC Logging

    Posted May 04, 2015 07:06 AM

    Oh yes, absolutely. It has been active since day 1.



  • 4.  RE: JDBC Logging

    Posted May 05, 2015 09:28 AM

    Alright, I managed to get the logging up and running. Nothing interesting from this side to resolve the issue or shed some light onto this.



  • 5.  RE: JDBC Logging

    Trusted Advisor
    Posted May 06, 2015 03:27 AM

    Hello,

    Is this always happening for the same policy or for every policy? Did you install 12.5.2 from scratch or was it done by upgrading a previous version?

    If it happens only for one, you can try to check in the DB which condition has ID 2762, in order to try to recreate it in your policy and try to save it again to clean up information in the DB which may have been corrupted for any reason.

     

     Regards



  • 6.  RE: JDBC Logging
    Best Answer

    Posted May 20, 2015 04:08 PM

    This is actually solved by now. The archived policies had corrupted information in their XML definitions.
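
Added example, not part of the original thread: a Python sketch that groups the MANAGER.200 warnings quoted in the first post by policy and condition ID, which answers the "same policy or every policy" question from the log alone. The sample log is constructed in the quoted format; the policy names, extra incidents and condition ID 3001 are made up.

```python
import re
from collections import defaultdict

# An entry starts with a timestamp such as "30 Apr 2015 17:18:41,820-".
ENTRY_START = re.compile(r"^\d{1,2} \w{3} \d{4} \d{2}:\d{2}:\d{2},\d{3}-", re.M)
# Incident numbers may carry locale separators (2'244'070); keep digits only.
INCIDENT = re.compile(r"for incident ([\d'.,]*\d)")
# The closing bracket is optional: the quoted line is cut off after the name.
CONDITION = re.compile(r"Condition ID (\d+) not present in policy \[?([^\]\n]*)")

def summarize(log_text):
    """Map (policy, condition_id) -> sorted incident IDs hit by MANAGER.200."""
    starts = [m.start() for m in ENTRY_START.finditer(log_text)] + [len(log_text)]
    groups = defaultdict(set)
    for begin, end in zip(starts, starts[1:]):
        entry = log_text[begin:end]  # header line plus its "Cause:" lines
        if "(MANAGER.200)" not in entry:
            continue
        inc, cond = INCIDENT.search(entry), CONDITION.search(entry)
        if not inc or not cond:
            continue
        incident_id = int(re.sub(r"\D", "", inc.group(1)))
        policy = cond.group(2).strip() or "<unknown>"
        groups[(policy, int(cond.group(1)))].add(incident_id)
    return {key: sorted(ids) for key, ids in groups.items()}

# Constructed sample input (not real log data).
TEMPLATE = (
    "{ts}- Thread: 23 WARNING [com.vontu.manager.report.snapshot.IncidentDetailPage] "
    "(MANAGER.200) Error generating match highlighting for incident {pretty}, "
    "incident detail will be rendered without them\nCause:\n"
    "com.vontu.manager.report.snapshot.matches.MatchHighlightingException: "
    "Error marking violating content for incident {raw}\n"
    "java.lang.IllegalArgumentException: Condition ID {cond} not present in policy [{policy}]\n"
)
ROWS = [
    ("30 Apr 2015 17:18:41,820", "2'244'070", 2244070, 2762, "Example Policy A"),
    ("30 Apr 2015 17:19:02,114", "2'244'071", 2244071, 2762, "Example Policy A"),
    ("30 Apr 2015 17:21:37,009", "2'250'000", 2250000, 3001, "Example Policy B"),
]
SAMPLE_LOG = "".join(
    TEMPLATE.format(ts=ts, pretty=p, raw=r, cond=c, policy=pol) for ts, p, r, c, pol in ROWS
)
SAMPLE_LOG += "30 Apr 2015 17:22:00,000- Thread: 5 INFO [com.example.Other] unrelated entry\n"

if __name__ == "__main__":
    for (policy, cond_id), incidents in summarize(SAMPLE_LOG).items():
        print(f"{policy}: condition {cond_id} missing, {len(incidents)} incident(s): {incidents}")
```

If every hit maps to one policy and one condition ID, the damage is confined to that policy's stored definition; hits spread across many policies point to something broader, such as an upgrade side effect.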