Technical Library | Support

Go to the table of contents Go to the previous page Go to the next page
Web Security Deployment Recommendations > Additional reporting considerations
Additional reporting considerations
Deployment and Installation Center | Web Security Solutions | Version 7.7.x
 
Applies to:                                         
In this topic                                       
*
Web Filter, Web Security, Web Security Gateway, and Web Security Gateway Anywhere, v7.7.x
*
Using a custom port to connect to the Log Database
*
Using SSL to connect to the Log Database
*
Using BCP for log record insertion with SQL Server 2008
*
Configuring distributed logging
When you install Web Security reporting components, you can configure how those components communicate with the SQL Server database (Log Database). Port and encryption settings selected during installation can be changed after installation, if needed.
In addition, if you are planning to deploy reporting components for a large or geographically distributed organization, and need to use a single, centralized database for reporting, see Configuring distributed logging for configuration options.
Using a custom port to connect to the Log Database
During TRITON Infrastructure and Websense Log Server installation, you can specify which port to use for Microsoft SQL Server communication. By default, the standard ODBC port (1433) is used.
If you want to use another port, keep in mind that SQL Server typically assigns:
*
A fixed port to the default instance (MSSQLSERVER)
*
A dynamic port to each named instance
Use the SQL Server Configuration Manager to configure the port used by each SQL Server instance. See your Microsoft documentation for assistance.
Using SSL to connect to the Log Database
During TRITON Infrastructure and Websense Log Server installation, you are given the option to connect to Microsoft SQL Server using an SSL-encrypted connection.
In determining whether to configure reporting and management components to use SSL encryption for Log Database communication, keep in mind that:
*
BCP (bulk copy program) cannot be used to add records to the Log Database.
*
Log Database connections are slower, which may affect reporting performance.
*
If you are running TRITON - Web Security on a V-Series appliance (typically done only for evaluations), the connection from the management console to the database cannot be encrypted.
If SSL is required, no data can be displayed in the Web Security Dashboard or other reporting tools.
Before enabling SSL encryption during Websense software installation, configure Microsoft SQL Server encryption settings.
1.
Launch SQL Server Configuration Manager (for example, Start > All Programs > Microsoft SQL Server 2008 > Configuration Tools > SQL Server Configuration Manager).
2.
Right-click the SQL Native Client x.x Configuration entry used in your SQL Server installation, then select Properties.
Two parameters are listed:
*
Force Protocol Encryption: The default setting (No) means that encrypted connections are accepted but not required. This setting is typically best for use with Websense security solutions.
If this is set to yes, only encrypted connections are accepted.
*
Trust Server Certificate: The default setting (No) means that only certificates issued by a Certificate Authority (CA) are accepted for encrypting connections to the database. This requires that a CA-signed certificate be deployed to the SQL Server, Log Server, and TRITON management server machines before Websense components can use a secure connection to connect to the database.
When this parameter is set to Yes, self-signed SSL certificates may be used to encrypt the connection to the database. In this case, the certificate is generated by the SQL Server machine and shared by all components needing to connect to the database.
If you enable SSL encryption during installation, Force Protocol Encryption is set to Yes, and Trust Server Certificate is set to No, CA-signed certificates must be installed on the TRITON management server and Log Server machines before the component installation will succeed.
Using BCP for log record insertion with SQL Server 2008
The Web Security Log Database can use either of 2 methods to insert log records into the Log Database (reporting database):
*
ODBC (Open Database Connectivity inserts records into the database individually, using a database driver to manage data between Log Server and Log Database.
*
BCP (Bulk Copy Program) inserts records into the Log Database in groups called batches. This option is recommended because it offers better efficiency than ODBC insertion.
Before you can use BCP for log record insertion with SQL Server 2008, 2 Microsoft component must be installed on the Log Server machine:
*
Microsoft SQL Server 2008 Native Client is installed by the TRITON Unified Installer, when you install Web Security Log Server on the machine.
*
Microsoft SQL Server 2008 Command Line Utilities are available as a free download from Microsoft:
http://www.microsoft.com/en-us/download/details.aspx?id=16177
After you install the SQL Server 2008 Command Line Utilities, perform the following configuration steps to ensure that Log Server can access the BCP utility:
1.
Locate the bcp.exe file installed with the SQL Server 2008 Command Line Utilities and make a note of the path to the file. The default location is:
C:\Program Files\Microsoft SQL Server\100\Tools\Binn\bcp.exe
2.
Navigate to the Websense bin directory (C:\Program Files or Program Files (x86)\Websense\Web Security\bin\) and open LogServer.ini in a text editor.
3.
Locate the BCPExePath parameter, and set its value to the path noted in step 1. For example:
BCPExePath=C:\Program Files\Microsoft SQL Server\100\Tools\Binn\bcp.exe
4.
Save and close the LogServer.ini file.
5.
Use the Windows Services dialog box (Start > Administrative Tools > Services) to restart the Websense Log Server service.
6.
Use the Settings > Reporting > Log Server page in TRITON - Web Security to configure Log Server to use BCP for log record insertion.
Configuring distributed logging
If you have a large or distributed environment that requires multiple Log Server instances, you can configure each Log Server to record data to a separate Log Database. If you do not need a central repository of reporting data that can be used to generate organization-wide reports, this may be the most efficient deployment option.
If you, however, you need a single Log Database in order to store all reporting data in a central location, you have 2 options:
*
Configure all Log Server instances to independently record their data in the same Log Database.
*
Configure distributed Log Server instances to pass their data to a central Log Server, which then records all log records from all instances into the Log Database.
The first option does not require special configuration steps. You need only ensure that each Log Server instance points to the same database (both database engine IP address or hostname and database instance name).
The second option requires more planning and configuration detail, as outlined in the sections that follow.
Note that centralized log processing is not as fast as local logging. Expect a delay of 4 or 5 minutes before the files from remote Log Servers appear in the cache processing directory on the central Log Server.
Part 1: Prepare for centralized logging
1.
Identify or create a domain user account to use for running each Log Server service. For example:
mydomain\WebsenseLogServer
This ensures that permissions are consistent for all instances, and facilitates communication between distributed Log Server instances and the central instance.
2.
Identify which Log Server instance will serve as the central Log Server and note its hostname or IP address.
All remote Log Server instances must be able to communicate with the central Log Server machine.
3.
Create a shared folder on the central Log Server machine for all Log Server instances to access:
a.
Create the folder. For example:
C:\Program Files (x86)\Websense\Web Security\bin\logscache\
b.
Right-click the new folder and select Properties. On the Sharing tab, select Share this folder and provide the information requested.
Optionally, also restrict access to the folder to the domain user account assigned to all Log Server instances.
The shared folder is available within the network via its UNC file path (\\<host_name>\<folder_name>). For example:
\\logserver01\logscache
4.
On the remote Log Server machines, create a mapped drive for the cache folder created in step 3:
a.
Log on to each Log Server machine as the domain user assigned to all Log Server instances.
b.
Open Windows Explorer and go to Tools > Map Network Drive.
c.
Select a drive letter for the mapped drive, browse to the shared folder created in step 3, and then click Finish.
d.
Make sure that you can copy a small text file from the remote Log Server machine to the shared drive.
Part 2: Configure the central Log Server
1.
Go to the central Log Server machine and use the Windows Services dialog box (Start > Administrative Tools > Services) to stop Websense Log Server service.
2.
Navigate to the Websense bin directory (C:\Program Files or Program Files (x86)\Websense\Web Security\bin, by default) and open the LogServer.ini file in a text editor.
3.
Search for the phrase "Centralized LogServer," then make the following changes:
[CacheFileWatcher]
Active=true
TimeInterval=180
FilePath=<path_to_shared_cache_folder>
*
Set the Active parameter to true to configure the central Log Server to process cache files from remote Log Server instances.
*
Optionally, edit the TimeInterval value to determine how frequently (in seconds) the central Log Server checks the cache directory for new files to process.
*
Set the FilePath parameter to the shared directory you created in Part 1 of this procedure (in the example above, the value is C:\Program Files (x86)\Websense\Web Security\bin\logscache\).
4.
Next, search for [Visits] section of the file to change the UsingVisits parameter to false. (This can also be configured via the Settings > Reporting > Log Server page in TRITON - Web Security.) The section looks like this:
[Visits]
VisitTime=10
UsingVisits=false
VisitSortTimeDelay=30
This ensures that visits processing (if enabled) is performed only once, by the remote Log Server instances.
 
* 
Note 
When centralized logging is used, log record consolidation is automatically disabled on remote Log Server instances (regardless of the setting in LogServer.ini or TRITON - Web Security). To use log record consolidation, enable it for the central Log Server.
5.
Save and close the file.
6.
To configure this Log Server instance to run as the domain user created in Part 1 of this procedure:
a.
In the Windows Services dialog box, right-click Websense Log Server and select Properties.
b.
Select the Log On tab, then, under "Log on as," click This account.
c.
Browse to the domain user created for this purpose, then enter and confirm the account password.
d.
When you are finished, click OK to return to the main Services window.
7.
To start Log Server, right-click Websense Log Server again, then select Start.
Part 3: Configure remote Log Server instances
1.
Go to a remote Log Server machine and use the Windows Services dialog box to stop the Websense Log Server service.
2.
Navigate to the Websense bin directory, then open the LogServer.ini file for that instance in a text editor.
3.
Search for the phrase "Remote LogServer" and make the following changes:
[LogFile]
MoveCacheFile=FALSE
MoveCacheFilePath=C:\Program Files\Websense\bin\CacheProcessing
ProcessCacheFile=TRUE
[UserGroups]
ProcessGroups=FALSE
ProcessUserFullName=FALSE
;Distributed Logging Remote LogServer
[CacheLogging]
Active=true
TimeInterval=180
MinFileSize=1048576
MaxFileSize=5242880
CacheFileProcessingPath=C:\Program Files\Websense\bin\CacheProcessing
CacheFileOutputPath=<UNC_path_to_mapped_drive>
*
Set the Active parameter to true to configure the remote Log Server to place cache files in the "CacheFileProcessingPath" directory and forward them to the central Log Server.
*
Optionally, change the TimeInterval value to determine how often (in seconds) the remote Log Server closes the current cache file and creates a new one.
*
You can also edit the MinFileSize and MaxFileSize (in bytes) for each cache file. The default minimum is 1 MB; the default maximum is 5 MB.
*
Set CacheFileProcessingPath to a local directory on the remote Log Server machine. Cache files are created on the local machine before being sent to the mapped drive on for processing by the central Log Server.
*
Set CacheFileOutputPath to the UNC file path of the shared folder on the central Log Server machine.
4.
If you want to record visits (rather than hits), and have turned off visits processing for the central Log Server service, make sure visits are enabled in the [Visits] section of the INI file for the remote Log Server instance.
[Visits]
VisitTime=10
UsingVisits=true
VisitSortTimeDelay=30
 
* 
Note 
When centralized logging is used, log record consolidation is automatically disabled on remote Log Server instances (regardless of the setting in LogServer.ini or TRITON - Web Security). To use log record consolidation, enable it for the central Log Server.
5.
Save and close the file.
6.
To configure this Log Server instance to run as the domain user created in Part 1 of this procedure:
a.
In the Windows Services dialog box, right-click Websense Log Server and select Properties.
b.
Select the Log On tab, then, under "Log on as," click This account.
c.
Browse to the domain user created for this purpose, then enter and confirm the account password.
d.
When you are finished, click OK to return to the main Services window.
7.
To start Log Server, right-click Websense Log Server again, then select Start.
Repeat the process for each remote Log Server machine.

Go to the table of contents Go to the previous page Go to the next page
Web Security Deployment Recommendations > Additional reporting considerations
Copyright 2016 Forcepoint LLC. All rights reserved.