Install and configure the DLP/AV Connector

The on-premises DLP/AV Connector is delivered as a virtual machine image, in OVA format, to simplify the deployment. The image is based on the CentOS 7.6 Linux operating system. It includes the necessary Syncplicity software.

After the initial installation, you must maintain the operating system on the VM, which includes staying current with updates and bug fixes.

The deployment of the DLP/AV Connector Open Virtual Appliance (OVA) file is similar to the Storage Connector OVA deployment described in Install the On-Premise Storage Connector.

Before installation, make sure to download the DLP/AV connector OVA.

Deploy the DLP/AV Connector OVA

You must use the built-in support for OVF/OVA packages of the vSphere Client to deploy a virtual machine instance for the DLP/AV Connector.

To deploy the OVF template:

  1. Connect to your VMware ESXi server by using the VMware vSphere Client.
  2. Click File > Deploy OVF Template... to initiate the process.
  3. Accept the EULA.
  4. If required, adjust the amount of memory, CPU cores, and disk space to allocate to the virtual machine.
    Ensure that the virtual machine meets the following requirements.
    • 8 gigabytes of random access memory
    • 8 virtual cores
    • hard disk drive (HDD) of at least 50 GB
  5. Start the DLP/AV Connector virtual machine that you deployed.

Log in and change the default OVA password

By default, the virtual appliance is preconfigured with an administrative account with sudo privileges called syncp. The default password is onprem. For increased security, change this password, adhering to the minimum password requirements listed below.

  • At least 14 characters.
  • At least one of each of the following: lowercase letter, uppercase letter, number and symbol.
  • Cannot reuse the last 5 passwords.
  • Must contain at least 5 characters that are different from the previous password.

Configure the network connection

By default, the DLP/AV Connector server does not have a firewall turned on. DLP/AV Connector listens for incoming SSH connections on TCP port 22.

You must configure the DLP/AV Connector servers in your environment with static IP addresses.

The next steps describe how to disable the DHCP on a DLP/AV Connector OVA and assign a static IP address for the appliance.

  1. In the virtual appliance console, run the following command.
    sudo vi /etc/sysconfig/network-scripts/ifcfg-eth0

  2. Replace the following settings with your parameters:
    DNS2=<static-ip-address-dns-server2>
    DNS1=<static-ip-address-dns-server1>
    IPADDR=<static-ip-address-for-this-server>
    GATEWAY=<gateway_ip_address>
    IPV6_AUTOCONFIG="yes"
    NETMASK=<network-mask>
    BOOTPROTO="static"
    DEVICE="eth0"
    ONBOOT="yes"
    IPV6INIT="yes"

To turn on the networking and configure the host name and domain name, follow these steps: 

  1. In the virtual appliance console, run the following command.
    sudo vi /etc/sysconfig/network

  2. Set HOSTNAME and DOMAINNAME for the DLP/AV server:
    NETWORKING=yes
    NETWORKING_IPV6=yes
    HOSTNAME=<hostname>
    DOMAINNAME=<domain_name>

To configure the Domain Name Service (DNS) servers, follow these steps: 

  1. In the virtual appliance console, run the following command.
    sudo vi /etc/resolv.conf

  2. Delete the content of the file.

  3. Add a line for the IP address or host name of each DNS server:
    nameserver <ip-address-or-host-name-of-name-server-1>
    nameserver <ip-address-or-host-name-of-name-server-2>
    nameserver <ip-address-or-host-name-of-name-server-3>

  4. Restart the network service with the following command:
    sudo systemctl restart network

The DLP/AV server now listens for incoming SSH connections only. No other ports are open. 
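
One way to check the statement above on a running appliance, as an added example that is not part of the original page or of Syncplicity's tooling: the function reads `ss -tln` output and prints every non-loopback listener outside an allow-list. The allow-list of 22 plus 9000 (the ping port this page uses for version 2.0 and later), the function name and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not Syncplicity code: report listening TCP sockets that the
# installation guide does not account for.

# Reads `ss -tln` output on stdin (TCP only, so there is no Netid column).
# Arguments are the allowed ports. Prints each non-loopback listener whose
# port is not allowed; prints nothing when the host matches the allow-list.
unexpected_listeners() {
  awk -v allowed="$*" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 != "LISTEN" { next }                 # also skips the header line
    {
      addr = $4
      port = addr
      sub(/.*:/, "", port)                  # text after the last colon
      host = substr(addr, 1, length(addr) - length(port) - 1)
      # Sockets bound to loopback are not reachable from the network.
      if (host ~ /^127\./ || host == "[::1]" || host == "::1") next
      if (!(port in ok)) print addr
    }'
}

# Constructed sample of `ss -tln` output, not captured from a real appliance.
SAMPLE_SS='State      Recv-Q Send-Q Local Address:Port   Peer Address:Port
LISTEN     0      128          *:22                *:*
LISTEN     0      100  127.0.0.1:25                *:*
LISTEN     0      50        [::]:9000           [::]:*
LISTEN     0      128          *:111               *:*
LISTEN     0      128       [::]:22             [::]:*'

# Port 111 is the only listener outside the allow-list in the sample.
printf '%s\n' "$SAMPLE_SS" | unexpected_listeners 22 9000

# On the appliance itself:
#   sudo ss -tln | unexpected_listeners 22 9000
```

Because the appliance ships without a firewall turned on, every line this prints is a port reachable by any host that can route to the server.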

NOTE: By default, the DLP/AV Connector OVA image uses pool.ntp.org for time synchronization.

  • If you want to use a different network time protocol (NTP) server, edit the /etc/chrony.conf file or use chronyc to set the desired NTP server to which the DLP/AV Connector machines can connect.
  • If you use Atmos storage, make sure that both DLP/AV Connector machines and Atmos connect to the same NTP servers. Otherwise, the DLP/AV Connector will not operate as expected with the S3 storage.

Configure the DLP/AV Connector server for an NFS mounted storage

If your storage backend of choice is Atmos/Google Cloud Storage, or is using the s3 protocol, you can skip this section.

The NFS storage that needs to be mounted is the same as the one mounted on the Storage Connector. This is required in order for the DLP/AV connector to have access to the files and scan them.

Set NFS to read-write access

The DLP/AV Connector does not write any data on the backend storage, except for a marker file upon startup, which is deleted upon shutdown. This is done to prevent incorrectly marking files as corrupt due to connectivity issues during mounts. Set read-write access to the NFS storage on the DLP/AV Connector virtual appliance.

Configure Isilon

If your storage backend is Isilon, you must mount the dedicated Syncplicity share to the server at /mnt/syncp. Use the NFS file system type. To make sure the Isilon share is mounted automatically at system startup:

  1. Run the following command in the virtual appliance console.
    sudo vi /etc/fstab

  2. Add the following line to the file.

    <Isilon_cluster_name_or_IP_address>:/<Syncplicity_data_directory> <mount_point>  nfs  rw

    Where <mount_point> is the value you have set for the key rootdir for the platform section (Isilon, VNX, fs) in the configuration file /etc/syncp-das/syncp-das.yml (/etc/syncp-das/syncp-das.conf for DLP Connector 1.2.x). Do not include the addr=<server> option since this can cause connectivity issues to Isilon.

  3. Example: dlp.mycompany.com:/ifs/syncp-data  /mnt/syncdata  nfs  rw

  4. Run the following command.
    sudo mount <mount_point>

For production environments, ensure the Isilon cluster name used in the NFS mount entry in /etc/fstab is a SmartConnect DNS name for the Isilon cluster, and the SmartConnect settings are configured for dynamic IP addresses. This ensures the DLP/AV Connectors can leverage the high availability features of the EMC Isilon architecture. Configuring the mount options to access a SmartConnect zone also maximizes performance to the EMC Isilon cluster.

The Isilon storage should have a directory created specifically for Syncplicity data. This directory must have its permissions and NFS export configured for the DLP/AV Connectors, as described in the Configure Isilon Storage subsection above.

Configure standard NFS v3 or v4 storage

If your storage backend of choice uses a standard NFS v3 or v4 interface, you must mount a dedicated Syncplicity share to the server at /mnt/syncp. Make sure to use the NFS file system type.

To verify the NFS share is mounted at system startup:

  1. Run the following command in the virtual appliance console.
    sudo vi /etc/fstab

  2. Add the following line to the file.

    <NFS_server_name_or_IP>:/<Syncplicity_data_directory>  /<mount_point>  nfs  rw

    Where <mount_point> is the value you have set for the key rootdir for the platform section (Isilon, VNX, fs) in the configuration file /etc/syncp-das/syncp-das.yml (/etc/syncp-das/syncp-das.conf for DLP Connector 1.2.x).

    Example: dlp.mycompany.com:/syncp-data /mnt/syncdata  nfs  rw

Configure the DLP/AV Connector

To complete the installation, you must obtain the access key for the StorageVault to which you want to enable DLP or AV, and edit the configuration files on the DLP/AV Connector appliances.

Retrieve the StorageVault access key

Before editing the configuration files, you need to retrieve the access key for the StorageVault for which you want to enable DLP or AV.

  1. Log in to https://my.syncplicity.com as a Global Administrator.
  2. Click Admin > Settings.
  3. At the bottom of the page, select Manage StorageVaults.
    The list of configured StorageVaults and their associated access keys opens.
  4. Select the StorageVault for which you want to configure DLP or AV and copy the access key.
    This should be the same access key you are using for the Storage Connectors configured for this StorageVault.
  5. If no StorageVaults are listed, click the Add StorageVault button to create one.
    When you complete the wizard, the access key is displayed. For detailed instructions on defining a StorageVault, see Adding and Editing StorageVaults.

Configure the StorageVault settings

The first code sample in each step of this section is for DLP/AV Connector 2.x. Where a sample for DLP Connector 1.2.x exists, it follows under the line "Click to expand for DLP Connector 1.2.x code sample".


  1. At the virtual machine, edit the following file using the vi editor:

    sudo vi /etc/syncp-das/syncp-das.yml

    For DLP Connector 1.2.x, the file needed is syncp-das.conf.

  2. In the syncplicity.ws section of the syncp-das.yml file (syncp-das.conf for DLP Connector 1.2.x), replace <syncplicity access key> with the access key that you retrieved from the Manage StorageVault Settings. For example, accesskey: "d4jJDpO7erZEmrlKab6w"

  3. If your company is using the EU PrivacyRegion, the on-premises DLP/AV Connector must be configured with the following settings:

    syncplicity.ws.url: "https://xml.eu.syncplicity.com/1.1"
    syncplicity.ws.external.url: "https://api.eu.syncplicity.com"
    syncplicity.health.url: "https://health.eu.syncplicity.com/v1"

  4. If using a proxy, set the enable flag to true and specify the proxy host and port in the proxy section.

    syncplicity:
      httpClient:
        proxy:
          enabled: false
          host: "my_proxy.mycompany.com"
          port: 8080
    Click to expand for DLP Connector 1.2.x code sample
    syncplicity.ws {
      proxy {
        enable: true
        host: "my_proxy.mycompany.com"
        port: 8080  
      }
    }
  5. In the syncplicity.storage section of the syncp-das.yml file (syncp-das.conf for DLP Connector 1.2.x), replace <storage type> with:

    • atmos for EMC Atmos systems
    • azure for Azure storage blobs
    • google for Google Cloud Storage (GCS)
    • fs for generic NFS v3 or v4, EMC Isilon or EMC VNX systems
    • s3 for EMC ECS systems or AWS s3 buckets

    For example, if you are configuring for Azure blob storage, enter:

    syncplicity:
      storage:
        # The backend storage type. One of { fs, s3, azure, atmos, google }
        type: azure
    Click to expand for DLP Connector 1.2.x code sample
    syncplicity.storage {
      type: "azure"
    }

    The storage settings in the syncp-das.yml file are equivalent to the configuration parameters for the Storage Connector. See here for more information.

  6. If type is atmos, configure your Atmos storage settings. Under the atmos section of the syncp-das.yml file (syncp-das.conf for DLP Connector 1.2.x), set url to the URL and port on which the Atmos installation listens. Explicitly include the port number. Set token to your Atmos authentication token and set secret to your Atmos secret key. For example:

    syncplicity.storage.atmos:
      url: "https://atmos.internal:443"
      token: "7ce21bbh56ek8feg0a7c23f343ad8df99/tenant"
      secret: "poSq7g5123t1TEQp5PlWhv4SAxk="
    Click to expand for DLP Connector 1.2.x code sample
    syncplicity.storage.atmos {
      url: "https://atmos.internal:443"
      token: "7ce21bbh56ek8feg0a7c23f343ad8df99/tenant"
      secret: "poSq7g5123t1TEQp5PlWhv4SAxk="
    }
  7. If type is s3 for AWS s3 storage, configure your AWS storage settings under the s3 section of the syncp-das.yml file (syncp-das.conf for DLP Connector 1.2.x). Enter the name of the bucket you created and its region, the access key and secret. For AWS, the secret was generated when you created the IAM user. For example:

    syncplicity:
      storage:
        type: s3

        # S3 configuration
        s3:
          data:
            # Check syncplicity.crypto.keyStore section for how to enable this or setup keystore
            # access: <s3 data access key>
            # secret: <s3 data secret key>
            bucket: <s3 data bucket name>
          image:
            # Check syncplicity.crypto.keyStore section for how to enable this or setup keystore
            # access: <s3 image-access key>
            # secret: <s3 image-secret key>
            bucket: <s3 image-bucket name>
          irm:
            # Check syncplicity.crypto.keyStore section for how to enable this or setup keystore
            # access: <s3 irm access key>
            # secret: <s3 irm secret key>
            bucket: <s3 irm bucket name>
    
    
    Click to expand for DLP Connector 1.2.x code sample
    syncplicity.storage.s3 {
      bucket: "put bucket name here"
      region: "put region here"
      access: "put access key here"
      secret: "put secret key here"
      enableV4: true
     }
  8. If type is s3 for EMC ECS storage, configure your EMC ECS storage settings under the s3 section of the syncp-das.yml file (syncp-das.conf for DLP Connector 1.2.x) by providing the following information:

    • Full url of the ECS storage, including the port. Refer to your ECS Storage administrator for the exact ports being used. Default ports are 9020 for HTTP and 9021 for HTTPS.
    • Name of the bucket you created.
    • Access key used for authentication, which is generated by the ECS administrator. With ECS, the access key is typically an email address.
    • Secret used for authentication, which is generated by the ECS administrator. For example:

      s3 {
        url: "http://10.1.1.1:9020"
        # name of the bucket
        bucket: "MyStorageVault_bucket"
        # the s3 access key
        access: "syncplicity@mycompany.com"
        # the s3 secret
        secret: "put secret key here"
      }
      
      syncplicity: 
        storage:
          type: s3
      			
          # S3 configuration
          s3:
            url: http://10.1.1.1:9020
            data:
              # Check syncplicity.crypto.keyStore section for how to enable this or setup keystore
              # access: <s3 data access key>
              # secret: <s3 data secret key>
              bucket: <s3 data bucket name>
            image:
              # Check syncplicity.crypto.keyStore section for how to enable this or setup keystore
              # access: <s3 image-access key>
              # secret: <s3 image-secret key>
              bucket: <s3 image-bucket name>
            irm:
              # Check syncplicity.crypto.keyStore section for how to enable this or setup keystore
              # access: <s3 irm access key>
              # secret: <s3 irm secret key>
              bucket: <s3 irm bucket name>
      
      
      Click to expand for DLP Connector 1.2.x code sample
      syncplicity.storage.s3 {
        access: "syncplicity@mycompany.com"
        secret: "put secret key here"
        url: "http://10.1.1.1:9020"
        bucket: "MyStorageVault_bucket"
      }

    Note: When an IP address is used in the URL, the Base URL (fully qualified URL) must be defined in the ECS admin console. The Base URL should correspond to the URL you use in the syncp-das.yml file (syncp-das.conf for DLP Connector 1.2.x). The Base URL is used by ECS as part of the object address where virtual host style addressing is used and enables ECS to know which part of the address refers to the bucket and, optionally, name space. To avoid upload errors, such as the one following, make sure to add the Base URL in the ViPR console for all VDCs.

    The request signature we calculated does not match the signature you provided. Check your secret access key and signing method. For more information, see REST authentication and SOAP authentication for details.

  9. If your storage type is isilon, configure it in the NFS storage settings. Under the fs section of the syncp-das.yml file (syncp-das.conf for DLP Connector 1.2.x), set rootdir to the mount point of your Isilon cluster on this server. For example:

    syncplicity.storage.fs:
      rootdir: "/mnt/syncdata"
    Click to expand for DLP Connector 1.2.x code sample
    syncplicity.storage.fs {
      rootdir: "/mnt/syncdata"
    }


    Make sure the syncp-das:syncp-das user owns the mount point. To set the ownership of the mount point, type the following command:

    sudo chown -R syncp-das:syncp-das <mount_point>

  10. If type is vnx, configure it in the NFS storage settings. Under the fs section of the syncp-das.yml file (vnx section in syncp-das.conf for DLP Connector 1.2.x), set the rootdir of your VNX system on this server. The directory below the mount point (for example, data) must exist before proceeding. If this directory does not exist, create it now. For example:

    syncplicity.storage.fs:
      rootdir: "/mnt/syncdata/data"
    Click to expand for DLP Connector 1.2.x code sample
    syncplicity.storage.vnx {
      rootdir: "/mnt/syncdata/data"
    }

    Make sure the rootdir is one level below the mount point for VNX storage systems. For example, if the mount point is /mnt/syncdata, the rootdir value must be /mnt/syncdata/data. Also, make sure the syncp-das:syncp-das user owns the mount point. To set ownership of the mount point, type the following command:

    sudo chown -R syncp-das:syncp-das <mount_point>

  11. If type is fs for generic NFS v3 or v4 storage, configure your NFS storage settings. In the syncplicity.storage section of the syncp-das.yml file (syncp-das.conf for DLP Connector 1.2.x), add the following FS configuration and set rootdir to the mount point of your NFS v3 or v4 server on this server. If the following lines are in the file, edit the lines. For example:

    syncplicity.storage.fs:
      rootdir: "/mnt/syncdata"
    Click to expand for DLP Connector 1.2.x code sample
    syncplicity.storage.fs {
      rootdir: "/mnt/syncdata"
    }


    Make sure the syncp-das:syncp-das user owns the mount point. To set ownership of the mount point, type the following command:

    sudo chown -R syncp-das:syncp-das <mount_point>

  12. If type is azure, configure your Azure storage settings under the azure section of the syncp-das.yml file (syncp-das.conf for DLP Connector 1.2.x). Enter the Azure storage account name, the storage account key and the name of the Azure blob storage container. For example:

    syncplicity.storage:
      type: azure
    
      # Azure configuration
      azure:
        data:
          accountName: <account name>
          # Check syncplicity.crypto.keyStore section for how to enable this or setup keystore
          # accountKey: <storage account secret key>
          container: <container name>
        image:
          accountName: <account name>
          # Check syncplicity.crypto.keyStore section for how to enable this or setup keystore
          # accountKey: <storage account secret key>
          container: <container name>
        irm:
          accountName: <account name>
          # Check syncplicity.crypto.keyStore section for how to enable this or setup keystore
          # accountKey: <storage account secret key>
          container: <container name>
    Click to expand for DLP Connector 1.2.x code sample
    syncplicity.storage.azure {
      # Storage account name
      accountName: "MyStorageVault"
      # Storage account secret key
      accountKey: "put secret key here"
      # Azure blob storage container name
      container: "MyStorageVault_blob"
    }

    Note: When configuring the DLP/AV Connector to utilize Azure blob storage, the DLP/AV Connector servers should be hosted in the Azure VPC to minimize latency between the DLP/AV Connector and the storage.

  13. If type is google, configure your GCS settings under the google section of the syncp-das.yml file (syncp-das.conf for DLP Connector 1.2.x). Enter the name of the bucket you created, and the JSON string with authentication credentials provided in a downloadable file when your service account key is generated (see GCS documentation). For example:

    storage:
      type: google
    
      # Google Storage configuration
      google:
        # Check syncplicity.crypto.keyStore section for how to enable this or setup keystore
        authJson: <the authentication credentials JSON for the service account>
        data.bucket: <data bucket name>
        image.bucket: <image bucket name>
        irm.bucket: <irm bucket name>
    Click to expand for DLP Connector 1.2.x code sample
    syncplicity.storage.google {
      # name of the bucket
      bucket: "put bucket name here"
      # the authentication credentials JSON for the service account
      authJson: "put JSON string here"
    }

Configure the DLP/AV settings

  1. Create or use an existing keystore named keyStore.p12 and generate keys by typing the following command:

    keytool -genkey -keyalg RSA -alias actionMQKey -keystore keyStore.p12 -storetype PKCS12

    You are prompted to enter passwords for the key and keystore. The storepass value specifies the keystore password. The keypass value specifies a password for the private key about to be generated. You need this password to access the keystore entry containing that key. If you are creating a keystore using the preceding keytool command, you are prompted for your distinguished-name information (name, organization, and so on).

  2. Export the public key by typing the following commands:

    keytool -importkeystore -srckeystore keyStore.p12 -destkeystore dlpKeyStore.p12 -deststoretype PKCS12 -destkeypass <destPass> -deststorepass <destPass>

    Where <destPass> is any valid password. The destination pkcs12 keystore can't have different storepass and keypass.

    openssl pkcs12 -in dlpKeyStore.p12 -nocerts -out private.key

    The user is prompted for <destPass>.

    openssl rsa -in private.key -pubout > public.key

    The user is prompted for <destPass>.

  3. Enter the public key on the Manage StorageVault Settings page for the StorageVault on which you want to enable DLP or AV.
    1. Log in to the MySite as an administrator, and navigate to the Manage StorageVaults page.
    2. Select the StorageVault that you are using to integrate with your DLP/AV engine.
      The Manage StorageVault Settings page opens.
    3. Scroll to the bottom of the page and enter your public key.

  4. Save the StorageVault ID, which can be found on the Manage StorageVault Settings page.
    The StorageVault ID, with the dashes "-" removed, is used during the DLP/AV configuration steps and for Troubleshooting.

  5. Customize the settings for the DLP/AV Connector by editing the DLP/AV configuration file. This file is in YAML format (http://yaml.org/).

    Use the following command to access the DLP/AV configuration file:

    sudo vi /etc/syncp-das/syncp-das.yml

    The following is an example fragment of the /etc/syncp-das/syncp-das.yml file. The storage parameters vary depending on the type of storage used.

    See DLP/AV configuration parameters for detailed descriptions of all parameters in the YML file.

    /etc/syncp-das/syncp-das.yml (DLP Connector 1.2.x):

    spring.profiles.active: DLP

    syncplicity.das:
      dlp:
        actionmq:
          url: 'https://amq.syncplicity.com/api/v1/'
          queueName: '1.file.a38e8fd78e93481698a6e58a01b7f357'
          keyAlias: 'actionMQKey'
          keyPassword: 'keyPassword'
          jwtIssuer: 'a38e8fd78e93481698a6e58a01b7f357'
          jwtTokenValidityPeriod: 60
          jwtTokenSkew: 5

        manager:
          workersCount: 250
          batchSize: 10
          sleepTime: 30
          shutdownTimeout: 60
        processors:
        - alias: 'DigitalGuardian'
          uri: 'icap://10.250.240.230:1344/response'

          proxy: 'http://10.250.240.235:3128'
          target: 'X-Virus-ID'


        icap.client.maxContentLengthToScan: 26214400

    /etc/syncp-das/syncp-das.yml (DLP/AV Connector 2.x):

    spring.profiles.active: dlp, avs

    syncplicity.das:
      avs:
        actionmq:
          batchSize: 100
          connectionTimeout: 5000
          jwtIssuer: 'a38e8fd78e93481698a6e58a01b7f357'
          jwtTokenSkew: 10
          jwtTokenValidityPeriod: 1800
          keyAlias: 'actionMQKey'
          keyPassword: 'a38e8fd78e93481698a6e58a01b7f357'
          queueName: '6.file.a38e8fd78e93481698a6e58a01b7f357'
          readTimeout: 30000
          sleepTime: 30
          url: 'https://amq.syncplicity.com/api/v1/'
        manager:
          shutdownTimeout: 60
          workersCount: 250
        processors:
        - alias: 'DigitalGuardian2'
          description: ''
          headers: {}
          proxy:
            enabled: false
            host: null
            port: 3128
            type: HTTP
          target: X-Virus-ID
          thumbprint: ''
          uri: 'icap://10.250.240.230:1344/response'

      dlp:
        actionmq:
          url: 'https://amq.syncplicity.com/api/v1/'
          queueName: '1.file.a38e8fd78e93481698a6e58a01b7f357'
          keyAlias: 'actionMQKey'
          keyPassword: 'a38e8fd78e93481698a6e58a01b7f357'  
          jwtIssuer: 'a38e8fd78e93481698a6e58a01b7f357'  
          jwtTokenValidityPeriod: 60
          jwtTokenSkew: 5
        manager:
          workersCount: 250   
          batchSize: 10  
          sleepTime: 30
          shutdownTimeout: 60
        processors:
        - alias: 'DigitalGuardian'
          uri: 'icap://10.250.240.230:1344/response'

          proxy:
            enabled: false
            host: null
            port: 3128
            type: HTTP

          target: 'X-Virus-ID'

      icap.client.maxContentLengthToScan: 26214400

    syncplicity.storage:
      # Storage settings

      type: fs
      fs:
        data.rootDir: ...
        image.rootDir: ...
        irm.rootDir: ...
        archive.rootDir: ...

    syncplicity.crypto.keyStore:
      # Settings for your keystore
      enforced: false

      # If enforced is false
      # password: <keystore password>
      password: password
      file: /etc/syncp-storage/dlpKeyStore.p12

  6. Make sure the keyStore.p12 and syncp-das.yml files (as well as syncp-das.conf for DLP Connector 1.2.x) have read access for the syncp-das user. You can set the owner for these files by running the following command:

    sudo chown syncp-das:syncp-das /etc/syncp-das/keyStore.p12 /etc/syncp-das/syncp-das.yml /etc/syncp-das/syncp-das.conf

    Remove /etc/syncp-das/syncp-das.conf from the command line, if using DLP/AV Connector 2.x.
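
An added example, not part of the original page or of Syncplicity's tooling: a read-only audit of a syncp-das.yml style file that reports literal secret values, url entries that use http:// (as in the ECS sample above) and a world-readable file mode, without printing any secret. The key names come from the samples on this page; the function names, the finding labels and the embedded configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Syncplicity code: audit a syncp-das.yml style file for
# literal secrets, cleartext storage URLs and loose file permissions.

# Prints one finding per line; prints nothing for a clean file.
audit_das_config() {
  file=$1
  [ -r "$file" ] || { echo "ERROR cannot read $file"; return 2; }

  # "Other" read bit set: every local account can read the stored secrets.
  if [ -n "$(find "$file" -prune -perm -0004)" ]; then
    echo "MODE file is readable by all local users"
  fi

  awk '
    /^[ \t]*#/ { next }                      # commented-out keys hold no secret
    {
      line = $0
      sub(/^[ \t]*(-[ \t]*)?/, "", line)     # drop indentation and a list dash
      sep = index(line, ":")
      if (sep == 0) next
      key = substr(line, 1, sep - 1)
      val = substr(line, sep + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", key)
      gsub(/^[ \t]+|[ \t]+$/, "", val)
      c = substr(val, 1, 1)                  # strip one pair of quotes
      if (c == "\"" || c == "\047") val = substr(val, 2, length(val) - 2)
      n = split(key, part, ".")              # dotted keys: keep the last name
      leaf = part[n]
      lower = tolower(leaf)

      if (lower == "url" && val ~ /^http:\/\//)
        print "CLEARTEXT line " NR ": " leaf " uses http://"

      # <...> is the placeholder style of this page; values are never printed.
      if (lower ~ /^(secret|token|password|keypassword|accountkey|accesskey|authjson)$/ &&
          val != "" && val !~ /^</)
        print "SECRET line " NR ": " leaf " holds a literal value"
    }' "$file"
}

# Constructed sample assembled from fragments shown on this page.
write_sample_config() {
  cat > "$1" <<'EOF'
syncplicity:
  storage:
    type: s3
    s3:
      url: http://10.1.1.1:9020
      data:
        # secret: <s3 data secret key>
        bucket: <s3 data bucket name>
syncplicity.crypto.keyStore:
  enforced: false
  password: password
  file: /etc/syncp-storage/dlpKeyStore.p12
syncplicity.das:
  dlp:
    actionmq:
      url: 'https://amq.syncplicity.com/api/v1/'
      keyPassword: 'keyPassword'
EOF
}

demo_cfg=$(mktemp)
write_sample_config "$demo_cfg"
chmod 644 "$demo_cfg"
audit_das_config "$demo_cfg"
rm -f "$demo_cfg"

# On the appliance itself:
#   sudo sh -c '. ./audit.sh; audit_das_config /etc/syncp-das/syncp-das.yml'
```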

(Optional) Edit the DLP/AV Connector log settings

The DLP/AV Connector writes error, warning and info messages to a log file in /var/log/syncp-das/. Log settings can be customized including the log level, retention of log files and the name of the log file (to improve the usability of reviewing logs from multiple systems).

Any time you change the settings in the logger.xml file you must restart the DLP/AV Connector service for the changes to take effect. To restart the syncp-das service, type the following command:
sudo systemctl restart syncp-das

Customizing the name of the log file

  1. Edit /etc/syncp-das/logger.xml
    sudo vi /etc/syncp-das/logger.xml
  2. Modify the <appender> <rollingPolicy> <fileNamePattern> xml element to change the log location path or filename pattern. The default value and formatting for naming is:
    /var/log/syncp-das/storage-%d{yyyy-MM-dd}.log.gz
  3. It is possible to add an environment variable (such as HOSTNAME) to the log file name, like this:
    <fileNamePattern>/var/log/syncp-das/${HOSTNAME}-storage-%d{yyyy-MM-dd}.log.gz</fileNamePattern>

Changing the log retention period

  1. Edit /etc/syncp-das/logger.xml
    sudo vi /etc/syncp-das/logger.xml
  2. Modify the <maxHistory> setting to the number of archive files to keep (the default is 7 days). Note that the rollover period is determined by the format in <fileNamePattern>.
    <maxHistory>7</maxHistory>

Starting the DLP/AV Connector service

  1. Once you have configured the DLP/AV Connector service and log settings, it is time to start the DLP/AV Connector service. Start the DLP/AV Connector software on each of the DLP/AV Connectors you have configured with this command:
    sudo systemctl start syncp-das

  2. After starting the syncp-das service, check the logs to make sure there is no error in the configuration and the service started without any problem. The Syncplicity software logs its activity under /var/log/syncp-das. To list the log files, run the following command:
    sudo ls -la /var/log/syncp-das

The base software installation process has been completed.

Verify installation

To confirm the DLP/AV Connector is configured and running correctly, review and execute the following tasks on each DLP/AV Connector.

Confirm service is running

On each DLP/AV Connector server, type the following command to confirm that the DLP/AV Connector is running correctly:

sudo systemctl status syncp-das.service

If the service is running correctly, the Active property in the output shows the state active (running).

Confirm service is accessible

Note that starting from version 2.0, the port number in the URL and command below is 9000 instead of 9002.

For each DLP/AV Connector server, type the following URL in a browser to confirm the service is accessible:

http://<hostname_or_IP_address_of_dlp_connector_server>:9000/ping

If the service is accessible, the following message appears in the browser:

pong

If unable to access the service in a browser, on each connector server type the following command:

curl http://<dlp_connector_host_or_IP>:9000/ping

If the service is accessible, the following message displays:

pong

Check ActionMQ connection

To verify the connection to the ActionMQ for DLP, navigate to the Admin | Settings | Data Loss Prevention (DLP) page. Scroll down to the StorageVaults section, select the radio button for Selective StorageVaults, and enter the URL for your DLP/AV Connector. Then scroll to the Scanning Status section and click the Refresh status link. If the stats for the Current Queue and Historical Queue refresh without any errors, the ActionMQ has been created correctly. Once you have started uploading files to be scanned by the DLP Engine, you should start to see the statistics update on this page.

To verify the connection to the ActionMQ for AV, use the equivalent settings under Admin | Settings | Anti Virus Scan (AVS).
