Technical Library | Support

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Administering Websense Databases > Factors that affect reporting database size
Factors that affect reporting database size
Administering Websense Databases | Web, Data, and Email Security Solutions | v7.6.x - v7.8.x
Applies to:                                         
In this topic                                       
*
Web Filter, Web Security, and Web Security Gateway (Anywhere), v7.6.x - v7.8.x
*
Data Security, v7.6.x - v7.8.x
*
Email Security Gateway (Anywhere), v7.6.x - v7.8.x
*
Web Security visits, consolidation, and full URL logging
*
Email Security sizing factors
*
Data Security sizing factors
Web Security visits, consolidation, and full URL logging
Websense Web Security uses proprietary algorithms to reduce the volume of log data in order to achieve a balance between visibility into users' Web browsing activity and the size and performance of the Log Database.
*
When you enable visits, Log Server combines the individual elements that create a Web page (such as graphics and advertisements) into a single log record that includes bandwidth information for all elements of the visit.
When this option is disabled, you instead log hits. In this case, a separate log record is created for each HTTP request generated to display different page elements, including graphics, advertisements, embedded videos, and so on. This creates a much larger Log Database that grows rapidly.
Disabling visits can increase the total amount of data stored in the Log Database by a factor of 2.5.
*
To further reduce the size of the database, enable log record consolidation. This combines multiple, similar Internet requests into a single log record, reducing the granularity of reporting data.
*
By default, Websense Web Security logs only the URL hostname for each request, instead of the full URL. Storing the full URLs provides more visibility into where users are going within a particular Web site, but increases the Log Database storage demands.
Enabling full URL logging can increase the size of each record in Web Security by 50%.
For information about more ways to either reduce the size of the Log Database or increase the amount of data recorded, refer to:
*
v7.6.x: Log Server Configuration Utility
*
v7.7.x: Log Database sizing guidance
*
v7.8.x: Log Database sizing guidance
Email Security sizing factors
Hybrid service
The Websense Email Security Gateway hybrid service drops email that comes from known bad (blacklisted) sources and blocks email with a very high spam score in the cloud before it ever reaches the Email Security Gateway appliance. This reduces the amount of data stored in the Email Security Log Database for reporting by 30 MB per user per month.
Above average email traffic: recipients, quarantined messages, or spam
The sizing guidelines above are based on the following assumptions about the email traffic handled by Email Security Gateway. These assumptions are derived from the average email traffic pattern of Websense customers over time.
*
There are an average of 5 recipients for each email message.
*
When hybrid service is not enabled, the ratio among spam messages, infected messages, and clean messages is 85-to-1-to-14.
*
The hybrid service scans only inbound email traffic, and it can block 25 percent of spam.
*
All outbound and internal email messages are clean.
Note that Email Security counts the number of recipients for each message rather than the number of messages sent. Each recipient is counted as a transaction.
If the pattern of email traffic in your organization exceeds these averages, your storage capacity will vary.
Data Security sizing factors
Number of discovery incidents
Websense Data Security limits the number of discovery incidents that can be stored in the Data Security Incident and Configuration Database in order to prevent improperly configured discovery policies from flooding the database. By default this limit is set to 1 million incidents. If you are using SQL Server Express, you should reduce this number to 250 thousand.
To do this:
1.
Log onto TRITON Console.
2.
Select the Data Security tab.
3.
Select Settings > General > System.
4.
Select the Reporting option from the System pane.
5.
Select the Discovery tab.
6.
Adjust the Maximum Discovery Incidents field.
Refer to "Setting preferences for discovery incidents" in the v7.6, v7.7, or v7.8 Data Security Help for more information.
 
* 
Note 
Data Discovery is not included in Websense TRITON Enterprise. It is an add-on feature that requires a separate subscription.
Rate of network and endpoint incidents
The rate of network and endpoint incidents detected varies widely across Websense customers. The sizing guidelines above are based on an average incident rate of 1 per user every 10 days (an incident is a policy violation). For best practice, periodically review the actual incident rate in the database to gauge how closely your environment matches this average, and then adjust your database storage requirements based on the actual data in your environment.
Do this by examining the Incident Trends report found in Data Security manager under Main > Reporting.
 
* 
Note 
Data Endpoint is not included with Websense TRITON Enterprise. It is an add-on feature that requires a separate subscription.
The Data Security database stores data in partitions per each calendar quarter. You can have 1 active partition for the current quarter.
If you are using Microsoft SQL Server Standard or Enterprise for your TRITON database, you can have a up to 8 online partitions (approximately 2 years), but if you are using SQL Server Express, you can have only 4 (approximately 1 year). (Online partitions are partitions that can be used to show reports and log data).
For both databases, you can have up to 12 archived partitions representing 3 years of records, and 4 restored partitions (1 year).
 
Partition type
Microsoft SQL Server Standard or Enterprise
SQL Server Express
Active
1 partition (current quarter)
1 partition (current quarter)
Online
up to 8 partitions (2 years)
up to 4 partitions (1 year)
Restored
up to 4 partitions (1 year)
up to 4 partitions (1 year)
Archived
up to 12 partitions (3 years)
up to 12 partitions (3 years)
Total available managed partitions
25
21
Refer to "Archiving incidents" in the v7.6, v7.7, or v7.8 Data Security Help for more information on archiving. For instructions on setting the maximum disk space allowed for the incident archive, refer to "Configuring the incident archive" v7.6, v7.7, or v7.8.
Size of user directory import
To support user-based policy and reporting, Websense Data Security imports entries from your user directory—such as Active Directory or Domino—into the Data Security Configuration Database. Depending on the size and design of your user directory, this can result in database space being consumed by entries that are not needed by Data Security. To reduce the number of imported user directory entries:
*
Configure Data Security to import entries from a more specific root context that is deeper in the tree than the directory's root context.
*
Restrict the user attributes that are imported by specifying specific attributes to import; or eliminate them altogether by disabling the import of user attributes.
To configure user directory settings:
1.
Log onto TRITON Console.
2.
Select the Data Security tab.
3.
Select Settings > General > System.
4.
Select the User Directories option from the System pane.
5.
Select the user directory to edit.
6.
Modify or add a root naming context.
7.
Modify the user attributes settings.
Refer to the "Adding a new user directory server" section in the v7.6, v7.7, or v7.8 Data Security Help for information on configuring these settings.

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Administering Websense Databases > Factors that affect reporting database size
Copyright 2016 Forcepoint LLC. All rights reserved.