KB Article | Forcepoint Support

Problem Description

I have encountered an issue with my Forcepoint DLP environment and wish to open a Support case for assistance. What log files from the environment would be useful for the technician to check?

Resolution

When creating a case with Forcepoint Technical Support, please ensure that the correct version number is provided. Be as descriptive as possible when explaining the issue.

The logs of interest are dependent on the component that is experiencing the issue. Please refer to each section below for more information and note that this is not a comprehensive list.

DLP Manager Server

For issues with the following:
  • Forcepoint DLP Web UI (tomcat)
  • Deployment Issues
  • User Directory Imports
  • Backup and Restoration
  • Upgrade Issues
Provide the following:
  • UI or Deployment Issues (Tomcat) - %DSS_HOME%tomcat\Logs\dlp\dlp-all.log
  • Incident Insertion Issues (Batch Server) - %JETTY_HOME%service-container\container\logs
  • SVOS Output - SerVerinfoOS (SVOS) is a utility used for gathering information concerning an environment's Forcepoint DLP installation. It will automatically collect the relevant logs and files that are useful for analysis.
    1. Download DLP SVOS.zip attached to this article and extract it to the server. There are versions for 8.4 and 8.6 or higher.
    2. Ensure that you are logged into the server as the service account running Forcepoint DLP services
    3. Open an administrative command prompt and navigate to the location where the SVOS scripts have been extracted
    4. Run the following command: pythonSVOS_8_4.pyc or python SVOS_8_6.pyc
    5. If errors are encountered running the script, the partial results of the SVOS can be collected under %TEMP% (or in its parent directory)

Secondary Server(s) - Discovery/Fingerprinting Crawler, Endpoint Server, OCR Server

For issues with the following:
  • Discovery or Fingerprinting tasks in which the Secondary Server's Crawler is in use
  • Endpoint Server issues
  • OCR issues
  • General Secondary Server issues
Provide the following:
  • Specific Components - %DSS_HOME%Logs\
  • SVOS Output - SVOS can also be used on Secondary Servers. Please refer to the steps above.

Linux Appliances - Web Content Gateway, Email Security Gateway, DLP Protector, Analytics Engine

Note For appliances provided by Forcepoint, assistance from Technical Support is needed to obtain root access to the machines. A tool such as WinSCP can be used to pull files from the environment.

For issues with the following:
  • Policy issues pertaining to a specific component
  • Performance issues
  • Registration issues
Provide the following:
  • /opt/websense/PolicyEngine/Logs

Endpoint Clients

For issues with the following:
  • Endpoint Client Communication Issues
  • Endpoint Performance Issues
  • Endpoint Policy Application
Provide the following:
  • Endpoint Build Number
  • Classifier (Policy Engine) Version
  • ClientInfo Output - Execute ClientInfo.exe within the Endpoint installation directory. This will collect logs and configuration information within an archive file placed on the user's Desktop. For more information, please refer to this article.

CASB

For issues with the following:
  • CASB Registration to DLP
  • CASB API Issues
Provide the following:
  • Instance Name - This can be found in the CASB Skyfence interface taking a form such as <INSTANCE>.skyfencenet.com under Settings > Tools and Agents > Endpoint Agents
  • %DSS_HOME%tomcat\Logs\dlp\dlp-all.log
  • %DSS_HOME%mediator\logs\mediator.out




Keywords: DLP Data Security; How do I collect logs: SVOS: SVOP; Open Case; Protector; WCG; ESG; CASB; Data Security Manager; Policy Issue; DLP Console Not Working; Policy Not Working; ServerInfo

Attachments

DLP SVOS.zip

Article Feedback



Thank you for the feedback and comments.