In the Symantec DLP UI, navigate to Administration -> System -> Overview
In the line for the Enforce server, the column 'Incident Queue' is not zero. I don't see any .idc files in the /incident folder. Where are those incidents?
An incident is received by the MonitorController, which puts them into files in the incident folder. The IncidentPersister then picks up the files and puts the incidents into the database. The Notifier service notifies the Manager service of the new incidents. The Manager service then takes the incidents and applies any lookup operations and applies any policy rule required changes and any Enforce level response rules operations.
When the 'Incident Queue' is greater than zero the incidents have been put into the database, but have not been processed by the Manager service. They are in the database, but in an incomplete state.
Imported Document ID: TECH221669
Subscribing will provide email updates when this Article is updated. Login is required.