Help Center
News
Help Center
News
Popular
Architecture and High-level Information
Scans
Agents
How to Use Dashboards
How to Use Data Asset Inventory
How to Install\Uninstall and Set Up Spirion Sensitive Data Platform
How to Use Logs
How to View Endpoint LogsHow to Use Audit LogsHow to Use Agent LogsWhere to Find PostgreSQL LogsAdvanced Log and Log Location Information for Power UsersWhat are common errors shown in the Agent Log and how do I fix them?Can I Export Agent Log Data for External Analysis?Can I export Audit Log data for External Analysis?How do I export Audit Log data via the Web API?Can I customize which events appear in the Audit Log?Can I schedule automated exports of Audit Log data?Is there a sample script for API-based audit log export?Guide to Analyzing Logs and Generating Graphs in Time IntervalsIs There a Sample Script for Exporting Agent Log Data?What are Best Practices for Managing Large Log Exports?Is There an Example of Filtering Logs by Severity?What are best practices for storing and securing exported log data?What Tools Integrate Well with Spirion for Log Integrity VerificationIs There a Sample Script for Hash Verification?
PowerBI
How to Manage Users and Roles
Reports
Settings and Resources
Additional Resources
Release Notes
Reporting API
Customer Support Articles

What are common errors shown in the Agent Log and how do I fix them?

This article describes the most common errors you may encounter and the logical steps used to resolve them.

In Spirion Sensitive Data Platform (SDP), errors in the Agent Log generally fall into 3 categories based on the "log family" they belong to:

  1. EPS (Connectivity)
  2. IDF (Scanning)
  3. IFS (Shipping).

Here are the most common errors you will encounter and the logical steps to resolve them.

1. Connectivity & Registration Errors (EPS Logs)

These errors occur when the agent cannot communicate with the Spirion Console.

  • Error: "Failed to connect to console" or "401 Unauthorized"
    • Cause: The agent's registration token is invalid, or a firewall/proxy is blocking the connection to the Spirion SaaS URL.
    • Fix:
      1. Verify the agent host has outbound access to your tenant URL (e.g., *.spirion.com) on port 443.
      2. Check if a proxy is intercepting the traffic; you may need to configure proxy settings in the agent's App.config or via the console.
      3. If the agent was recently re-installed, delete the old agent record in the console and re-register using a fresh registration artifact.
  • Error: "Heartbeat failed: Network unreachable"
    • Cause: Transient network failure or the agent host has lost its internet/VPN connection.
    • Fix: Ensure the host has a stable network connection. If the issue persists, check for local security software (AV/EDR) that might be killing the agent's outbound threads.

2. Scanning & Permission Errors (IDF/SystemSearch Logs)

These errors occur when the agent is active but cannot read the data it is assigned to search.

  • Error: "Access Denied" or "UnauthorizedAccessException"
    • Cause: The service account running the Spirion Agent does not have sufficient permissions to read the file, folder, or database table.
    • Fix:
      1. Identify the account running the "Spirion Agent" service (usually LocalSystem or a specific Domain User).
      2. Grant that account Read permissions (and Write if remediation like Shredding is required) to the target directory or share.
      3. For remote shares, ensure the account has both NTFS and Share level permissions.
  • Error: "Network path not found" or "The device is not ready"
    • Cause: The agent is trying to scan a remote target (like a file share) that is offline, or the DNS name cannot be resolved.
    • Fix:
      1. Ping the target from the agent host to verify connectivity.
      2. If using a mapped drive (e.g., Z:\), switch the Target configuration in the console to use a UNC path (e.g., \\Server\Share), as agents often cannot see user-mapped drives.
  • Error: "File is in use by another process"
    • Cause: The file is locked by another application (like Excel or a backup tool).
    • Fix: Spirion will automatically retry these files. If it happens constantly, consider scheduling scans during "off-peak" hours when fewer files are locked by users.

3. Result Shipping Errors (IFS Logs)

These errors occur when the agent has found sensitive data but cannot send the results to the console.

  • Error: "Failed to ship results: 503 Service Unavailable" or "413 Request Entity Too Large"
    • Cause: The results payload is too large for the network to handle in one "chunk," or the Spirion Ingress server is temporarily throttled.
    • Fix:
      1. The agent will automatically retry (this is the benefit of the Postgres-based queue).
      2. If it fails consistently, check if your corporate firewall/WAF has a "Max Request Size" limit that is cutting off the upload.
  • Error: "SSL/TLS Secure Channel Error"
    • Cause: A proxy or firewall is performing "SSL Inspection" and replacing Spirion's certificate with a local one that the agent doesn't trust.
    • Fix: Work with your network team to exclude/whitelist the Spirion URLs from SSL inspection.

4. Local Database/Queue Errors (Windows Only)

These are specific to the Windows agent's Postgres-based queueing architecture.

  • Error: "Failed to connect to local database" or "Queue full"
    • Cause: The local PostgreSQL service on the agent host has stopped, or the host has run out of disk space.
    • Fix:
      1. Check the Windows Services console and ensure the PostgreSQL service (used by Spirion) is running.
      2. Verify the agent host has at least 5-10GB of free disk space.
      3. SME Tip: If the local database is corrupted, you may need to stop the agent services, rename the Data folder in the Spirion ProgramData directory, and restart the services to "reset" the local queue.

Summary Troubleshooting Checklist

  1. Check the Service: Is the "Spirion Agent" service running?
  2. Check the Path: Can the Agent host "see" the Target (ping/UNC path)?
  3. Check the Permissions: Does the Agent's service account have "READ" access?
  4. Check the Egress: Can the Agent reach *.spirion.com on port 443?

If you see an error code not listed here, look for the Correlation ID in the log and provide it to Spirion Support; this us to trace the specific transaction through the entire SaaS pipeline.

Was this article helpful?

Powered by Product Fruits