Data Loss Prevention

  • 1.  Time-out value for DLP Enforce Server

    Posted May 16, 2014 02:07 PM

    Here is how I configured Script Lookup Plugin

    script_lookup_plugin.png

     

    When I run the script manually with elevated command prompt, it runs perfectly.

     

    However, when I run it with DLP Enforce Server there are problems.

     

    This script uses Sysinternals to find the last logged-in user, not WMI (I was told that WMI doesn't work in DLP).

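    import sys, subprocess, socket, string
    import wmi, win32api, win32con

    # DLP passes attributes as key=value arguments; only sender-ip is used here.
    # (str.strip('sender-ip=') removes a set of characters, not a prefix.)
    for item in sys.argv[1:]:
        if not item.startswith('sender-ip='):
            continue

        userIP = item[len('sender-ip='):]

        # perform system lookup of IP address (psloggedon expects \\<ip>)
        userIP = "\\\\" + userIP

        pst = subprocess.Popen(
                [r"D:\pstools\psloggedon.exe", "-l", "-x", userIP],
                stdout = subprocess.PIPE,
                stderr = subprocess.PIPE,
                universal_newlines = True
            )

        out, error = pst.communicate()

        # the second line of psloggedon's output holds the logged-on user
        userLoggedOn = out.split('\n')[1].strip()
        print('userId={}'.format(userLoggedOn))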

     

    Now when I click "Look up" I get an error in red that says "No Lookup plugins configured. Attribute lookup not performed." and "Custom Attribute lookup failed."

    errors.png

    I was told to keep increasing the timeout value in D:\SymantecDLP\Protect\config\Plugins.PROPERTIES

     

    # Lookup timeout in milliseconds.
    com.vontu.api.incident.attributes.AttributeLookup.timeout=600000

     

    Here are the Tomcat logs

     

    6 May 2014 13:53:56,304- Thread: 22 SEVERE [com.vontu.manager.incident.operation.LookupCustomAttributes] Lookup plug-in com.vontu.lookup.script.ScriptLookup timed out. It was unloaded.
    Cause:
    com.vontu.api.incident.attributes.AttributeLookupException: Lookup plug-in com.vontu.lookup.script.ScriptLookup timed out. It was unloaded.
    com.vontu.api.incident.attributes.AttributeLookupException: Lookup plug-in com.vontu.lookup.script.ScriptLookup timed out. It was unloaded.
        at com.vontu.enforce.workflow.attributes.CustomAttributeLookup.lookup(CustomAttributeLookup.java:415)
        at com.vontu.enforce.workflow.attributes.CustomAttributeLookup.lookupAndSave(CustomAttributeLookup.java:484)
        at com.vontu.manager.incident.operation.LookupCustomAttributes.execute(LookupCustomAttributes.java:64)



  • 2.  RE: Time-out value for DLP Enforce Server

    Broadcom Employee
    Posted Jun 10, 2014 12:39 PM

    You may need to open a support case. It looks like the script is not recognized by Enforce based on your screen shot above. We do support the loading of the scripts, so if this is not working, or you have discovered a bug, we will need to get Engineering on this issue. Also, Support is not equipped to help with your scripts and you may need to contact Professional Services to help with this solution.



  • 3.  RE: Time-out value for DLP Enforce Server

    Trusted Advisor
    Posted Jun 11, 2014 09:15 PM

    This may not be related to timeouts, but more to do with the script and the credentials. Does it ever work?



  • 4.  RE: Time-out value for DLP Enforce Server

    Posted Jun 27, 2014 09:09 AM

    This script never works when I plug it into the DLP Enforce Server.

     

    We do not have funding to contact Professional Services, how can I troubleshoot this on my own?

     

     



  • 5.  RE: Time-out value for DLP Enforce Server

    Broadcom Employee
    Posted Jun 27, 2014 11:40 AM

    You should contact the script author. If you have now taken on that role, you may need to invest time into learning the scripting language. In general, you should try to have the script perform its lookup outside of DLP first, so that you know it is working. Then once it is working and pulling data, you can load it into DLP.

    What language is the script written in? Perhaps I can point you at some resources.

    Best,

    Ryan



  • 6.  RE: Time-out value for DLP Enforce Server

    Posted Jun 27, 2014 03:01 PM

    Ryan,

     

    I am the script author and it works perfectly outside of DLP. The below script is written in Python.

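    import sys, subprocess, socket, string
    import wmi, win32api, win32con

    # pick the sender-ip=<address> argument passed by DLP
    a = None
    for item in sys.argv[1:]:
        if "sender-ip=" in item:
            a = item.replace(',', '')

    if a is None:
        print('errorMsg={}'.format("sender-ip argument missing"))
        sys.exit()

    # take the value after the prefix; str.strip('sender-ip=') strips characters, not a prefix
    userIP = a.split('sender-ip=', 1)[1].strip()

    # perform system lookup of IP address (psloggedon expects \\<ip>)
    userIP = "\\\\" + userIP

    pst = subprocess.Popen(
            [r"D:\pstools\psloggedon.exe", "-l", "-x", userIP],
            stdout = subprocess.PIPE,
            stderr = subprocess.PIPE,
            universal_newlines = True
        )

    out, error = pst.communicate()

    # the second line of psloggedon's output holds the logged-on user
    userLoggedOn = out.split('\n')[1].strip()
    print('userId={}'.format(userLoggedOn))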



  • 7.  RE: Time-out value for DLP Enforce Server

    Posted Jun 27, 2014 03:19 PM

    On the other hand if I include error checking in my script, it always outputs "WMI unreachable" even though the actual script will output userId=DOMAIN\username

    Script with error-checking

    import sys, subprocess, socket, string
    import wmi, win32api, win32con

    # pick the sender-ip=<address> argument passed by DLP
    a = None
    for item in sys.argv[1:]:
        if "sender-ip=" in item:
            a = item.replace(',', '')

    if a is None:
        print('errorMsg={}'.format("sender-ip argument missing"))
        sys.exit()

    # take the value after the prefix; str.strip('sender-ip=') strips characters, not a prefix
    userIP = a.split('sender-ip=', 1)[1].strip()

    # subprocess
    ping = subprocess.Popen(
        ["ping", "-n", "1", userIP],
        stdout = subprocess.PIPE,
        stderr = subprocess.PIPE,
        universal_newlines = True
    )

    # can we ping the user's IP address?
    out, error = ping.communicate()

    # if we cannot ping user's IP address then userID is the error message, and exit
    if out.find("Reply from") == -1:
        errorMessage = "HOST unreachable."
        print('errorMsg={}'.format(errorMessage))
        sys.exit()

    # if we cannot access wmi of user's IP address then userID is the error message, and exit
    # (every failure here, whatever its cause, is reported as "WMI unreachable")
    try:
        c = wmi.WMI(userIP)
    except Exception:
        errorMessage = "WMI unreachable"
        print('errorMsg={}'.format(errorMessage))
        sys.exit()

    # perform system lookup of IP address (psloggedon expects \\<ip>)
    userIP = "\\\\" + userIP

    pst = subprocess.Popen(
            [r"D:\pstools\psloggedon.exe", "-l", "-x", userIP],
            stdout = subprocess.PIPE,
            stderr = subprocess.PIPE,
            universal_newlines = True
        )

    out, error = pst.communicate()

    # the second line of psloggedon's output holds the logged-on user
    userLoggedOn = out.split('\n')[1].strip()
    print('userId={}'.format(userLoggedOn))

     

    And here is the output. Notice the green bar, which shows the script executed without error.

     

    wmi.png

     

    When I look at the Tomcat logs, they show the username and password in cleartext (even though I encrypted them through DLP).
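
Added example (not written by any poster in this thread and not vendor code): a Python 3 variant of the lookup script above that validates `sender-ip` before it reaches the command line, bounds the `psloggedon` call with its own timeout so the script answers with `errorMsg=` instead of running until the plug-in is unloaded, and finds the account by pattern rather than by line position. The `-accepteula` switch, the 20-second limit, the account pattern and the sample output are assumptions made for this example.

```python
import ipaddress
import re
import subprocess
import sys

PSLOGGEDON = r"D:\pstools\psloggedon.exe"   # path as given in the posts above
CHILD_TIMEOUT_S = 20                         # assumption: far below the plug-in timeout
ACCOUNT_RE = re.compile(r"^[\w.-]+\\[\w.$ -]+$")   # assumption: DOMAIN\username form

# Constructed sample of psloggedon -l -x output (not captured from a real host).
SAMPLE_OUTPUT = "Users logged on locally:\r\n     CORP\\jdoe\r\n"


def parse_sender_ip(argv):
    """Return the sender-ip value as a normalised IP string, or None.

    Only a syntactically valid IPv4/IPv6 address is accepted, so nothing
    else from the incident data can end up as the \\\\target argument.
    """
    for arg in argv:
        key, sep, value = arg.partition("=")
        if sep and key.strip() == "sender-ip":
            try:
                return str(ipaddress.ip_address(value.strip(" ,")))
            except ValueError:
                return None
    return None


def run_bounded(cmd, timeout_s=CHILD_TIMEOUT_S):
    """Run cmd and return (stdout, None) or (None, reason).

    stdin is closed and the child is killed at timeout_s, so a tool that
    waits for input or for an unreachable host cannot block the caller.
    """
    try:
        proc = subprocess.run(
            cmd,
            stdin=subprocess.DEVNULL,
            stdout=subprocess.PIPE,
            stderr=subprocess.PIPE,
            universal_newlines=True,
            timeout=timeout_s,
        )
    except subprocess.TimeoutExpired:
        return None, "lookup tool timed out after {}s".format(timeout_s)
    except OSError as exc:
        return None, "cannot start lookup tool: {}".format(exc)
    return proc.stdout, None


def parse_logged_on_user(output):
    """Return the first DOMAIN\\user line in the tool output, or None."""
    for line in output.splitlines():
        line = line.strip()
        if ACCOUNT_RE.match(line):
            return line
    return None


def lookup(argv, runner=run_bounded):
    """Build the single key=value line the script prints for the lookup."""
    ip = parse_sender_ip(argv)
    if ip is None:
        return "errorMsg=missing or invalid sender-ip"
    # Sysinternals tools show a licence dialog on first use by an account;
    # -accepteula suppresses it. That this dialog is what stalls the script
    # under the Enforce service account is an assumption, not a finding.
    out, err = runner([PSLOGGEDON, "-accepteula", "-l", "-x", "\\\\" + ip])
    if err:
        return "errorMsg=" + err
    user = parse_logged_on_user(out)
    if user is None:
        return "errorMsg=no logged-on user reported for " + ip
    return "userId=" + user


if __name__ == "__main__":
    print(lookup(sys.argv[1:]))
```

Running it from a command prompt under the same account the Enforce service uses, rather than an elevated administrator prompt, reproduces the conditions the plug-in sees.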