Procedure to move /pcap or drop folders to different drive from c:

Article ID: 159777

Products

Data Loss Prevention Endpoint Prevent, Data Loss Prevention Network Monitor, Data Loss Prevention Network Prevent for Email, Data Loss Prevention Enforce, Data Loss Prevention Network Discover, Data Loss Prevention Endpoint Discover

Issue/Introduction

You want to relocate any of the spool or drop folders on a DLP Detection or Enforce server to an alternate location.

Resolution

There are multiple places that changes need to be made depending on the situation, goal, and version of DLP:

If you are attempting to change the spooling location for packet capture on a Network Monitor server:

Change com.vontu.packetcapture.dir in Protect.properties on the Detection Server itself.

If you wish to change the location of the rest of the drop folders...

Default Path: C:\ProgramData\Symantec\DataLossPrevention\DetectionServer\16.0.00000\drop

You must edit the Protect.properties file on the Detection Server. Modify the following paths to point to your desired location.

# Endpoint log files drop folder
com.vontu.endpoint.log.dir = C:/ProgramData/Symantec/DataLossPrevention/DetectionServer/16.0.00000/drop/endpointlogs

# Endpoint two-tier detection drop folder
com.vontu.ttdinductor.dir = C:/ProgramData/Symantec/DataLossPrevention/DetectionServer/16.0.00000/drop/endpointTTD

# Endpoint aggregator drop folder
com.vontu.aggregatorinductor.dir = C:/ProgramData/Symantec/DataLossPrevention/DetectionServer/16.0.00000/drop/endpoint

# SMTP copy rule drop folder
com.vontu.copyrule.dir = C:/ProgramData/Symantec/DataLossPrevention/DetectionServer/16.0.00000/drop/SMTP

# ICAP request processor spool folder
com.vontu.icap.spool.dir = C:/ProgramData/Symantec/DataLossPrevention/DetectionServer/16.0.00000/spool/ICAP

# PacketCapture drop folder
com.vontu.packetcapture.dir = C:/ProgramData/Symantec/DataLossPrevention/DetectionServer/16.0.00000/drop/PacketCapture

You will need to manually create any new folders on the Detection Server for any changes you wish to make. The Protect user needs full permissions on every folder used above for normal processing.

Then recycle the server.

Note: The spool packet directory and drop directories need to be on the same partition on Linux.

For Linux the default locations are the following:

# Endpoint log files drop folder
com.vontu.endpoint.log.dir = /var/spool/Symantec/DataLossPrevention/DetectionServer/15.8.00000/drop/endpointlogs

# Endpoint two-tier detection drop folder
com.vontu.ttdinductor.dir = /var/spool/Symantec/DataLossPrevention/DetectionServer/15.8.00000/drop/endpointTTD

# Endpoint aggregator drop folder
com.vontu.aggregatorinductor.dir = /var/spool/Symantec/DataLossPrevention/DetectionServer/15.8.00000/drop/endpoint

# SMTP copy rule drop folder
com.vontu.copyrule.dir = /var/spool/Symantec/DataLossPrevention/DetectionServer/15.8.00000/drop/SMTP

# ICAP request processor spool folder
com.vontu.icap.spool.dir = /var/spool/Symantec/DataLossPrevention/DetectionServer/15.8.00000/ICAP

# PacketCapture drop folder
com.vontu.packetcapture.dir = /var/spool/Symantec/DataLossPrevention/DetectionServer/15.8.00000/drop/PacketCapture
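
A pre-flight check for the procedure above, as an added example that is not part of the original article or of the product: it reads the six directory keys from Protect.properties text and reports folders that are missing, not fully accessible, or (on Linux) spread across partitions. The function names and the constructed sample in demo() are assumptions; run it as the Protect user so the access check reflects that account.

```python
import os
import tempfile

DIR_KEYS = (  # directory keys shown in the article's Protect.properties excerpt
    "com.vontu.endpoint.log.dir",
    "com.vontu.ttdinductor.dir",
    "com.vontu.aggregatorinductor.dir",
    "com.vontu.copyrule.dir",
    "com.vontu.icap.spool.dir",
    "com.vontu.packetcapture.dir",
)

def parse_dirs(text):
    """Return {key: path} for the drop/spool keys; '#' lines never match a key."""
    found = {}
    for raw in text.splitlines():
        key, sep, value = raw.partition("=")
        if sep and key.strip() in DIR_KEYS:
            found[key.strip()] = value.strip()
    return found

def check_dirs(dirs):
    """Return a list of problems; an empty list means the layout looks usable."""
    problems = [f"{k}: not set" for k in DIR_KEYS if k not in dirs]
    devices = {}
    for key, path in dirs.items():
        if not os.path.isdir(path):
            problems.append(f"{key}: {path} does not exist (create it manually)")
        elif not os.access(path, os.R_OK | os.W_OK | os.X_OK):
            problems.append(f"{key}: {path} is not fully accessible to this user")
        else:
            devices.setdefault(os.stat(path).st_dev, []).append(key)
    # Linux note from the article: spool and drop directories share one partition.
    if os.name == "posix" and len(devices) > 1:
        problems.append(f"directories span filesystems: {sorted(devices.values())}")
    return problems

def demo():
    """Constructed sample: six folders under a temp root, one left uncreated."""
    root = tempfile.mkdtemp(prefix="dlp-drop-")
    dirs = {k: os.path.join(root, k.split(".")[2]) for k in DIR_KEYS}
    for key, path in dirs.items():
        if key != "com.vontu.copyrule.dir":
            os.makedirs(path)
    text = "\n".join(f"{k} = {p}" for k, p in dirs.items())
    return check_dirs(parse_dirs(text))

if __name__ == "__main__":
    print(demo() or "all drop/spool folders OK")
```

To check a real server, pass the contents of its Protect.properties to parse_dirs() and the result to check_dirs() before recycling the server.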