Checklist - RSA enVision Healthcheck

RSA Security Inc.
Technology Solutions Kit: Checklist
Introduction
This document is provided to <Customer Name> and allows us to record information necessary while
performing the RSA® DLP Healthcheck service. More specific instructions on each step can be found in the
RSA DLP Maintenance Guide.
RSA DLP Healthcheck Checklist
Table 1 includes questions about your specific data environment.
Table 1. RSA DLP Healthcheck Checklist
Complete

Task
Comments
Verify that the ports used by the products in the DLP Suite
are not blocked by any security products in use.
Enterprise Manager Checks

Verify the component requirements for the Operating System,
RAM, and Disk Space available are met by the current platforms
on which DLP Datacenter is implemented.

Verify that the RSA DLP Enterprise Manager Service is Running.

Verify that the RSA SLP Local Site Interop service is running
(only if the company is using Partner Device Integration).

Verify that the Enterprise Manager processes are running.

RSAEMService.exe

Event Loader (java.exe)

Jetty Service (java.exe)

ComponentShell.exe (only if the company is using
Partner Device Integration).

Verify that Incidents and Events are being created.

Check Disk Space Availability

Check Connection between Enterprise Manager and Enterprise
Coordinator.

Check connection between Enterprise Manager and Root
Endpoint Coordinator

Check Connection between Enterprise Manager and Database
RSA® DLP Healthcheck
05/06/13
Q109
Page 1

Check Connection between Enterprise Manager and Network
Controller.

Run Health Check queries against the database to ensure the
number of sites in the EnterpriseCoordinator.user.config file
matches the number in the database.

Review Content Blades and Policies

Review the following Enterprise Manager Logs:

Alert.log

EventLoader.log

Review the Scan Configuration Page for Exchange DAR scans.

Check the Enterprise Manager Certificate Expiration

Review SIEM Configuration.

Review LDAP Configuration.
Database Checks

Reindex the Enterprise Manager Database if not all events and
incidents are listed in the Enterprise Manager.

Monitor the database Transaction log size

Adjust Database size if necessary.
Enterprise Coordinator Checks

Verify the component requirements for the Operating System,
RAM, and Disk Space available are met by the current platforms
on which DLP Datacenter is implemented.

Review the installation and configuration of the Enterprise
Coordinator.

Verify whether UAC (User Account Control) is turned off once
Enterprise Coordinator is installed on Windows 2008 Server.

Verify the Permanent Agent is installed successfully.

Verify that the Enterprise Coordinator is configured properly.

Verify that the appropriate Database client software is installed if
database scanning or database fingerprint crawling is being
used

Verify that the appropriate Repository client software is installed
if documents repository scanning (such as Lotus notes) is being
used

Verify the RSA DLP Enterprise Coordinator service is running

Verify that the LongArm.V8.Agent.exe process is running.

Check Disk Space Consumption.

Check connection between the EC and SCs.

Check ResultFileDrop Folder

Check ResultFileError Folder

Check messages.log file for:

Errors

size

frequency of rollover.

Check the Polling Intervals and Polling Threads.

Verify Debug level
Site Coordinator Checks (Perform for all SCs)

Verify the component requirements for the Operating System,
RAM, and Disk Space available are met by the current platforms
on which DLP Datacenter is implemented.

Review the installation and configuration of the Site Coordinator.

Verify that the RSA DLP Endpoint Agent Service is running.

Check Disk Space Consumption.

Check Polling Threads and Intervals

Check Log files
Grid Worker Checks (Perform for all GWs)

Verify the component requirements for the Operating System,
RAM, and Disk Space available are met by the current platforms
on which DLP Datacenter is implemented.

Review the installation and configuration of the Grid Workers.

Verify that the RSA DLP Endpoint Agent is running

Verify that the following processes are running (when a scan is
in progress only)

Longarm.V8.Agent.exe

SAgent.exe

OutProcServer.exe

Check Disk Space Consumption

Check connection between Grid Workers and the Site
Coordinator.

Check Polling Threads and Intervals

Check Log Files.
Network Controller

Review the configuration of the Network Controller. Ensure all
settings are correct, including passwords, NTP, IP addresses, etc.

Using moncmd status from the prompt, check the services.

Check Logs of all Network devices.

Check Disk Space
ICAP

Review the configuration of the ICAP. Ensure all settings are
correct, including passwords, NTP, IP addresses, etc.

Verify that events are generated and populated.

Using moncmd status from the prompt, check the services.

Run icapstats to monitor device statistics.

Check Disk Space
Interceptor

Review the configuration of the Interceptor. Ensure all settings
are correct, including passwords, NTP, IP addresses, etc.

Verify that events are generated and populated.

Using moncmd status from the prompt, check the services.

Run interceptorstats to monitor device statistics.

Monitor SendMail to ensure email is being routed to the
upstream MTS.


Check /var/spool/mqueue-out for files starting with Q

Check Disk Space
Sensor
Verify that the Network Sensor is connected properly to the
network using:

Tap

SPAN port on a switch

Review the configuration of the Sensor. Ensure all settings are
correct, including passwords, NTP, IP addresses, etc.

Verify that events are generated and populated.

Using moncmd status from the prompt, check the services.

Run tcpflowstats to monitor device statistics.

Check Disk Space
Partner Device

Verify the Partner Device is up.

Check that Events are being sent to the Enterprise Manager

Check that the status interval configured on the partner side is
the same frequency which is set on the Enterprise Manager
Side.
Endpoint Coordinators (including Root)

Verify the component requirements for the Operating System,
RAM, and Disk Space available are met by the current platforms
on which DLP Datacenter is implemented.

Review the installation and configuration of the Endpoint
Coordinator.

Verify that the following Services are running:

RSA DLP Endpoint Coordinator

RSA DLP Endpoint File Server

RSA DLP Message Broker

RSA DLP Join Service (only on the Root Endpoint
Coordinator)
Verify that the following processes are running:

EndpointCoordinator.exe

RSADLPJoinService.exe (only on the Root Endpoint
Coordinator)

Check Disk Space Consumption.

Check Connection between the Root Endpoint Coordinator and
the Endpoint Coordinators

Check file_store Folder

Check Service Log Files Sizes and rollover frequency.

Check Apache Log sizes and rollover Frequency.

Check RabbitMQ Log Sizes.
Endpoint Agents (spot check as checking all isn’t feasible)

Verify the component requirements for the Operating System,
RAM, and Disk Space available are met by the current platforms
on which DLP Datacenter is implemented.

Check Disk Space Consumption

Monitor Outbox Folder Size

Monitor Log file size and rollover frequency.

Use the Enterprise Manager Agent Management Dashboard to
assess the health of Endpoint Agents

Check Log files for errors.
After Upgrading
After upgrading DLP, verify if:

Web Browser caches are flushed

Primary component configurations are synchronized

Clients for Database and Repository Access are
installed

Database and repository rules are added to Active
policies

Fingerprinted content blades are recreated.

Ensure Network Controller upgrade is successful. Applicable
only if the deployment includes DLP Network

Ensure Enterprise Coordinator upgrade is successful. Applicable
only if the deployment includes DLP Datacenter

Ensure Endpoint Coordinator upgrade is successful. Applicable
only if the deployment includes DLP Endpoint

While upgrading DLP, verify if the scans are running.

Verify upgraded components in DLP run as expected:

Enterprise Manager

Enterprise Coordinator

Permanent Agents

Grid Workers

Fingerprinting Agents

Temporary Agents
Appendix
RSA DLP 9.5
Maintenance Guide.pdf