Hi all,
I have two simple test policies on DLP (ver. 14.5) (Enforce and Network Prevent for Email).
- Policy1: raise an incident if email\smtp traffic is detected. This policy works like a charm and incidents are being raised.
- Policy2: raise an incident if email\smtp traffic is detected and the sender is a member of User Group. Unfortunately, this policy doesn't generate incidents.
So, obviously something is wrong with:
- Directory Connections (sync=OK, replication=Ok)
- User Group. (Refresh group directory index on Save)
- Etc.
I would like to see what is going on in the background when NPM processes emails against each policy. I need either a detailed log (debug).
Admin Guide says:
Debug log files record fine-grained technical details about the individual processes or software components that comprise Symantec Data Loss Prevention. The contents of debug log files are not intended for use in diagnosing system configuration errors or in verifying expected software functionality. You do not need to examine debug log files to administer or maintain a Symantec Data Loss Prevention installation. However, Symantec Support may ask you to provide debug log files for further analysis when you report a problem. Some debug log files are not created by default. Symantec Support can explain how to configure the software to create the file if necessary.
Surely I can open a ticket... but it will take a few days before I get an answer to this question. I am pretty sure that each DLP admin has at least once faced a situation when a policy didn't work as expected.
Which *logging.properties should I modify, and where, to debug policies?
Thanks.