ICDx

After getting the DB side set up & JRE DLL pulled over. I fired up the DLP collector... after a few false starts for Oracle parameter, I got  a data pull. I went away for a few days so it could ingest the content, and I only see the original pull of data... nothing since then. We've definitely had DLP alerts in that time frame.

I see my restart event in the log, but nothing else.  Is there a way to enable debug logging for the DLP collector of some sort so I can see what's going on?

Thanks a bunch!
Larry

------------------------------
Texas Instruments Incorporated
------------------------------

Hi Larry, Yes, there is.

0. ssh to the icdx server

1. Switch to the icdx user, assuming during the installation you used the default user:
sudo -su icdx

2. Go to the DLP collector work directory:
cd $SYMC_HOME/apps/collector/database/sdlp_col_dx/<collector-uuid>

Where the <collector-uuid> is the collector's UUID (you can see the uuid on the collector's configuration page)

3. Open the logback.xml file with a text editor, for example:
vim logback.xml

4. Add the 3 lines below after <logger name="lifecycle" level="info"/> line:

<logger name="com.symantec.cas.ucf.sensors" level="debug">
  <appender-ref ref="FILE"/>
</logger>

5. Save the file and exit the editor.

6. Go to the icdx log directory and tail the log file:
cd $SYMC_LOG
tail -f sdlp_col_dx-<collector-name>-<collector-uuid>.log

Note, you don't need to restart anything.

Good luck and let me know what you see.
Roumen

------------------------------
Roumen
SED, Broadcom
------------------------------

Original Message:
Sent: 11-11-2020 03:24 PM
From: LARRY NAIL
Subject: DLP Collector not getting data

After getting the DB side set up & JRE DLL pulled over. I fired up the DLP collector... after a few false starts for Oracle parameter, I got  a data pull. I went away for a few days so it could ingest the content, and I only see the original pull of data... nothing since then. We've definitely had DLP alerts in that time frame.

I see my restart event in the log, but nothing else.  Is there a way to enable debug logging for the DLP collector of some sort so I can see what's going on?

Thanks a bunch!
Larry

------------------------------
Texas Instruments Incorporated
------------------------------

worked like a charm, thanks.

------------------------------
Texas Instruments Incorporated
------------------------------

Original Message:
Sent: 11-11-2020 04:11 PM
From: Roumen Roupski
Subject: DLP Collector not getting data

Hi Larry, Yes, there is.

0. ssh to the icdx server

1. Switch to the icdx user, assuming during the installation you used the default user:
sudo -su icdx

2. Go to the DLP collector work directory:
cd $SYMC_HOME/apps/collector/database/sdlp_col_dx/<collector-uuid>

Where the <collector-uuid> is the collector's UUID (you can see the uuid on the collector's configuration page)

3. Open the logback.xml file with a text editor, for example:
vim logback.xml

4. Add the 3 lines below after <logger name="lifecycle" level="info"/> line:

<logger name="com.symantec.cas.ucf.sensors" level="debug">
  <appender-ref ref="FILE"/>
</logger>

5. Save the file and exit the editor.

6. Go to the icdx log directory and tail the log file:
cd $SYMC_LOG
tail -f sdlp_col_dx-<collector-name>-<collector-uuid>.log

Note, you don't need to restart anything.

Good luck and let me know what you see.
Roumen

------------------------------
Roumen
SED, Broadcom

Original Message:
Sent: 11-11-2020 03:24 PM
From: LARRY NAIL
Subject: DLP Collector not getting data

After getting the DB side set up & JRE DLL pulled over. I fired up the DLP collector... after a few false starts for Oracle parameter, I got  a data pull. I went away for a few days so it could ingest the content, and I only see the original pull of data... nothing since then. We've definitely had DLP alerts in that time frame.

I see my restart event in the log, but nothing else.  Is there a way to enable debug logging for the DLP collector of some sort so I can see what's going on?

Thanks a bunch!
Larry

------------------------------
Texas Instruments Incorporated
------------------------------