Message Image

Skip main navigation (Press Enter).

Data Loss Prevention

View Only

Back to discussions

Expand all | Collapse all

Clearing a stuck Incident Queue on the Enforce server

Troy MayAug 20, 2018 10:14 AM

I've read the documentation and it seems that restarting the VontuIncidentPersister is the only fix. ...

DLP SolutionsAug 20, 2018 04:19 PM

Troy, You should also recycle the VontuMonitor. Check the logs as well.. most of the time there ...

1. Clearing a stuck Incident Queue on the Enforce server

0 Recommend
Troy May
Posted Aug 20, 2018 10:14 AM

Reply Reply Privately
I've read the documentation and it seems that restarting the VontuIncidentPersister is the only fix. I'm running version 14.6.02 of DLP (which supposedly you do not have to keep restarting the service to fix this) and I have over 360,000 in the queue, and it's NOT processing automatically like Symantec states.

My question....is there another way of fixing this or do I really need to restart this service 360 more times?
2. RE: Clearing a stuck Incident Queue on the Enforce server

0 Recommend
Trusted Advisor

DLP Solutions
Posted Aug 20, 2018 04:19 PM

Reply Reply Privately
Troy,

You should also recycle the VontuMonitor.

Check the logs as well.. most of the time there is 1 large file or incident that is corrupted that is stopping the other events to be processed.

In some cases it might be best to Stop the Services and Copy the Incident files to another directory. Restart the services and make sure the system is still working.

Then copy the files Bit by bit back to the incident directory.. I would start with Newest first to see where the hiccup is.

Also What are the Specs of the Enforce server and have you tuned the settings for the to deal with the high or low Memory you have for the system?

Good Luck

Ronak

PLEASE MARKED SOLVED WHEN POSSIBLE

Copyright 2019. All rights reserved.

Powered by Higher Logic