Your Cloud Connector(s) show one or more of the following symptoms:
Several days with no new incidents from a Cloud Connector.
The incident queue for the Cloud Connector has maxed out at 1000.
No incidents reported under 'Last 24 hours'.
The following error appears in Protect\logs\debug\VontuMonitorController.log (Protect\logs\debug\SymantecDetectionServerController.log in 15.1 and newer):
Exception in thread "Incidents_application_updaterWorker_1" java.lang.OutOfMemoryError: Java heap space
Incidents are queued on the Cloud Detector(s), and once 1000 incidents are queued Enforce cannot process them because the Java heap fills up.
Note: If you have more than one Cloud Connector, the limit of 1000 queued incidents applies to the combined total across all of your Cloud Connectors.
Increase the Java heap memory in the VontuMonitorController.conf file (SymantecDetectionServerController.conf in 15.1 and newer), located here: Protect\config\VontuMonitorController.conf
NOTE: Before increasing JVM memory, ensure the system has ample free memory or usable standby memory.
Example: Original Values
# Initial Java Heap Size (in MB)
wrapper.java.initmemory = 128
wrapper.java.maxmemory = 2048
After increasing the Java heap init and max values, restart the VontuMonitorController or SymantecDetectionServerController service and wait a few minutes. You should see the queue numbers start dropping and the number of processed incidents go up as the incidents are sent to the Enforce Server to be written to the database.
Depending on the amount of time that the queue was backed up, it may take hours or days to completely parse through the backed up incident queue.
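To confirm the symptom and to compare the heap settings before and after the edit, the following added example (not part of the original article and not Symantec code) reads the two wrapper heap properties and counts the OutOfMemoryError lines per thread. The sample conf and log text are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample input. On a real server read the files the article names:
# Protect\config\VontuMonitorController.conf and
# Protect\logs\debug\VontuMonitorController.log (Symantec* names in 15.1+).
SAMPLE_CONF = """\
# Initial Java Heap Size (in MB)
wrapper.java.initmemory = 128
#wrapper.java.maxmemory = 4096
wrapper.java.maxmemory = 2048
"""
SAMPLE_LOG = """\
(constructed) INFO incident updater started
Exception in thread "Incidents_application_updaterWorker_1" java.lang.OutOfMemoryError: Java heap space
(constructed) INFO heartbeat
Exception in thread "Incidents_application_updaterWorker_1" java.lang.OutOfMemoryError: Java heap space
"""

HEAP_KEY = re.compile(r"^\s*wrapper\.java\.(initmemory|maxmemory)\s*=\s*(\d+)\s*$")
OOM = re.compile(r'Exception in thread "([^"]+)" java\.lang\.OutOfMemoryError: Java heap space')

def heap_settings(conf_text):
    """Return the heap sizes in MB, skipping lines commented out with '#'."""
    found = {}
    for line in conf_text.splitlines():
        m = HEAP_KEY.match(line)
        if m:
            found[m.group(1)] = int(m.group(2))
    return found

def oom_threads(log_text):
    """Count 'Java heap space' OutOfMemoryError lines per thread name."""
    counts = {}
    for m in OOM.finditer(log_text):
        counts[m.group(1)] = counts.get(m.group(1), 0) + 1
    return counts

def triage(conf_text, log_text):
    """Combine both checks into one report for before/after comparison."""
    heap, ooms = heap_settings(conf_text), oom_threads(log_text)
    problems = [k + " is not set" for k in ("initmemory", "maxmemory") if k not in heap]
    if not problems and heap["initmemory"] > heap["maxmemory"]:
        problems.append("initmemory is larger than maxmemory")
    incident_oom = any(t.startswith("Incidents_application_updaterWorker") for t in ooms)
    return {"heap_mb": heap, "oom_by_thread": ooms,
            "incident_updater_oom": incident_oom, "problems": problems}

if __name__ == "__main__":
    print(triage(SAMPLE_CONF, SAMPLE_LOG))
```

After the service restart, running the same check against only the new portion of the log should show no further OutOfMemoryError entries for the incident updater thread.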