Procedure to move /pcap or drop folders to a different drive from C:
Last Updated October 21, 2014
You want to relocate any of the spool or drop folders on a DLP Detection or Enforce server to an alternate location.
There are multiple places that changes need to be made depending on the situation, goal, and version of DLP:
If you are attempting to change the spooling location for packet capture on a Network Monitor server:
On Version 7: Change com.vontu.packetcapture.dir in Protect.properties on the Detection Server itself.
On Version 8 and later: Change the Source Folder Override section on the Configure Server screen of the Network Monitor:
The source folder is the directory the server uses to buffer network streams before it processes them. The recommended setting is to leave the Source Folder Override field blank to accept the default. If you want to specify a custom buffer directory, type the full path to the directory.
If you wish to change the location of the rest of the drop folders that normally reside on the root of the C: drive:
You must edit the Protect.properties file on the Detection Server. For instance, if you want to use d:\Apps as your drop root, configure the paths as follows:
# Endpoint aggregator drop folder
com.vontu.aggregatorinductor.dir = d:/Apps/drop_ep

# Endpoint two-tier detection drop folder
com.vontu.ttdinductor.dir = d:/Apps/drop_ttd

# Endpoint log files drop folder
com.vontu.endpoint.log.dir = d:/Apps/drop_epl
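A check to run against a copy of the edited Protect.properties, added here as an example and not Symantec's code. It assumes the file follows Java .properties syntax, where a line starting with # is entirely a comment and a single backslash is an escape character, so paths are written with forward slashes as above. The function name check_drop_paths and the sample text are constructed for illustration.

```python
import re

# Drop-folder keys named on this page (Detection Server Protect.properties).
DROP_KEYS = (
    "com.vontu.aggregatorinductor.dir",
    "com.vontu.ttdinductor.dir",
    "com.vontu.endpoint.log.dir",
)

def check_drop_paths(text, expected_root):
    """Return sorted (key, problem) pairs for the drop-folder keys in text."""
    values, problems = {}, set()
    root = expected_root.rstrip("/").lower() + "/"
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(("#", "!")):
            # The whole line is a comment, so a key written after the
            # comment text on the same line is never loaded.
            for key in DROP_KEYS:
                if re.search(re.escape(key) + r"\s*[=:]", line):
                    problems.add((key, "setting is inside a comment line"))
            continue
        m = re.match(r"([^\s=:]+)\s*[=:]?\s*(.*)", line)
        if m and m.group(1) in DROP_KEYS:
            values[m.group(1)] = m.group(2)  # a later duplicate wins
    for key in DROP_KEYS:
        if key not in values:
            problems.add((key, "no active setting found"))
            continue
        value = values[key]
        if "\\" in value.replace("\\\\", ""):
            # A single backslash is an escape and is dropped on load.
            problems.add((key, "single backslash in path"))
        elif not (value.replace("\\\\", "/").lower() + "/").startswith(root):
            problems.add((key, "path is outside " + expected_root))
    return sorted(problems)

# Constructed sample: one flattened line, one backslash path, one good entry.
SAMPLE = "\n".join([
    "# Endpoint aggregator drop folder com.vontu.aggregatorinductor.dir = d:/Apps/drop_ep",
    "# Endpoint two-tier detection drop folder",
    r"com.vontu.ttdinductor.dir = d:\Apps\drop_ttd",
    "# Endpoint log files drop folder",
    "com.vontu.endpoint.log.dir = d:/Apps/drop_epl",
])

if __name__ == "__main__":
    for key, problem in check_drop_paths(SAMPLE, "d:/Apps"):
        print(key + ": " + problem)
```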