Advanced Troublshooting steps for DLP Network Sensor
Originally Published: 2015-09-29
Article Number
Applies To
RSA Product/Service Type: DLP Network
RSA Version/Condition: No events from Sensor
Platform: CentOS
O/S Version: 6
Issue
Correct policies have been applied and confirmed they are working. There are still no events generated from the sensor.
Tasks
1. Work with the network team to make sure the IP addresses in question fall into the correct sub net.
2. confirm that host IP have not been changed. (If events are no longer being generated)
3. Traffic must be in the clear. (no encryption of data, https, or TLS enabled)
Find out which protocol is in question. (if it is http traffic, the service is called passivehttp, and for email it is passivesmtp)
Logon to sensor and open a command prompt, type: moncmd debug <service> on
then type: conwatch -n 10
The message output will show every session that is received by sensor.
Run your tests from machine and watch for the Client IP, if it is missing , you will need to work with the network team to find out why that IP is missing.
If you see the IP and there is still no event, you need to find out if there is the network is asymmetrical routing In order for the session to be captured for analysis, it has to be full session.
After testing is complete you turn off debugging of the service.
moncmd debug <service> off
Notes
Command used: moncmd debug passivesmtp on
Message displayed to confirm debug is enabled:
09-29 14:21:09 INFO NW_902 sensor1.ribeye.com PassiveSMTP0 #### debug: True
9-29 14:23:06 DEBUG NW_901 sensor1.ribeye.com PassiveSMTP0 [FLOW.Event] [Content ID: 1443568986.0000_bd3c42d8-382b-4856-8ffd-14f0a7d7274a_smtp] Analyzing (passive) SMTP Session. Mail From: johndoe@ribeye.com, Mail To: [u' joedoe@.company.com'], Subject: DLP Sensor Test, Client: "10.1.2.3", Server: "10.3.2.1"
In this case, client is the origination network and the Server is destination network.
Related Articles
Configure RSA Authentication Manager Monitoring Intervals for Installed Agents Number of Views Steps to enable SSL for on IIS 6.0 Number of Views Log Archives Number of Views Steps to configure RSA Authentication Manager Number of Views Remote agent installation steps for RSA IMG Number of Views
Trending Articles
Troubleshooting RSA SecurID Access Identity Router to RSA Authentication Manager test connection failures RSA SecurID Software Token 5.0.2 Downloads for Microsoft Windows RSA Authentication Manager 8.9 Release Notes (January 2026) Quick Setup Guide - Passwordless Authentication in Windows MFA Agent for Active Directory RSA Authentication Manager 8.8 Setup and Configuration Guide
Don't see what you're looking for?
