Linux CAP Printer Log - Incorrect Source Path

Products Endpoint Protector Discussions & Questions
, ,
1

  • What version are you using? (OS, client, server, etc.)

    Linux Client Version: 2602.3.3.0

    Linux OS: Linux Red Hat Enterprise Rocky Linux 9.7

    EPP server Version: Version 2602.0.1.0

  • For the scenario you’re describing, what settings/configuration do you currently have in place?

    We have a policy where printer is supposed to block most file types, we also have custom content enabled.
    DPI settings enabled as well.

  • What error messages or unexpected behavior are you seeing?

    In the CAP logs, if say our source file path is /home/admin/Documents,

    1. I get the log but the source path is something like this instead - /var/spool/cups/…/filename.pdf.pdf (Why double extension)
    2. If it is a png file, upon printing, in the log, .pdf is added to the .png extension. eg., filename.png.pdf
    3. In the destination type, we should see policy exit point, like if it was some cloud sharing app or USB device we could see that, but for network printers for Linux the column was blank

  • What have you tried so far?
    There is not much we can do for issue related to log, the configuration is proper, we are getting the logs, just not as expected.

2

Hi Vishwa,
Linux behaves differently than Windows, or even macOS, and it’s normal to see some differences in how the EPP agent operates across the two platforms. What you’re seeing is expected behavior, let me tell you why.

  1. On Linux, printing goes through CUPS (Common Unix Printing System). When a print job is submitted, CUPS converts the file to PDF before sending it to the printer. The EPP agent monitors the CUPS spool directory, so by the time it captures the job, the conversion has already happened – resulting in the .pdf.pdf you’re seeing in the logs.
  2. Same reason as above. CUPS converts any file to PDF as part of the print process, regardless of the original format. The original filename is preserved, with .pdf appended after the original extension.
  3. This is expected behavior as well.

In addition to the above, CAP policies for printers (on all operating systems) work based on sensitive content detection only, not file types, so only content inspection rules apply.

Zoran

3

Thank you very much for your prompt reply Zoran Cocoara.