Understanding the reporting databases
Administering Forcepoint Databases | Web, Data, and Email Solutions | v8.4.x
Each reporting database stores the logging data collected by a specific Forcepoint security solution: Forcepoint Web Security, Forcepoint URL Filtering, Forcepoint DLP, or Forcepoint Email Security.
* The web protection Log Database stores Internet and cloud application request data collected by Log Server, such as the source, destination, time, category, risk class, action (also called disposition), and bytes sent and received, for use by web protection reporting tools.
Log Server receives information about Internet activity from Filtering Service and initially stores it locally:
Whenever it is able, Log Server forwards the cache files to the Log Database, where the ETL job processes them into log records in a database partition:
 
An end user who uses the Filtering Service has no direct or indirect influence over the database. Thus, although the log entry is stored in the Microsoft SQL Server database, the user did not direct its storage and cannot retrieve it.
The only components that interface with the database itself are Log Server, the reporting services, and the Forcepoint Security Manager. Filtering Service and Content Gateway do not access the database; they send their information via Log Server.
* The Email Log Database stores records of email traffic and the associated analysis and disposition of that traffic. Forcepoint Email Security reporting uses this information to generate dashboard status charts and email activity reports showing, for example, the size and volume of messages processed, message analysis results, and email source and destination.
Log and quarantine data are recorded as follows:
 
* The Data Incident and Configuration Database stores information about email, web, and other traffic that resulted in data loss prevention (DLP) policy breaches, such as the source, destination, time, status, and severity of each breach. It also stores Forcepoint DLP policy configuration and system settings.
The reporting databases are all hosted by Microsoft SQL Server. They may be hosted by the same installation and instance, or by different installations or instances.
Although Microsoft SQL 2008 R2 Express (SQL Server Express) is packaged with your software, most organizations should purchase Microsoft SQL Server Standard or Enterprise. (See Can I use SQL Server 2008 R2 Express? for guidance.)
As a best practice, during installation, connect Forcepoint software to a SQL Server instance on another machine. For testing purposes, or in very small networks, it is possible to install SQL Server Express on the Forcepoint management server. For more information, see Microsoft SQL Server deployment options.
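The statement above that only Log Server, the reporting services, and the Forcepoint Security Manager interface with the Log Database can be spot-checked on the SQL Server instance that hosts it. The T-SQL below is an added example, not Forcepoint code; the database name and host names are placeholders to replace, and it assumes the account running it holds VIEW SERVER STATE.

```sql
-- Added example (not Forcepoint code): list sessions currently using the
-- Log Database from hosts other than the expected Forcepoint components.
-- All values in angle brackets are placeholders, not product defaults.
DECLARE @LogDb sysname = N'<LOG_DATABASE_NAME>';

DECLARE @Allowed TABLE (host_name nvarchar(128) PRIMARY KEY);
INSERT INTO @Allowed (host_name) VALUES
    (N'<LOG_SERVER_HOST>'),
    (N'<REPORTING_SERVICES_HOST>'),
    (N'<MANAGEMENT_SERVER_HOST>');

-- sys.sysprocesses supplies the session's current database (dbid) on
-- SQL Server 2008 R2 as well as later versions; sys.dm_exec_sessions
-- supplies is_user_process so system sessions are excluded reliably.
SELECT
    s.session_id,
    s.host_name,              -- reported by the client, so treat as a hint
    s.login_name,
    s.program_name,
    s.login_time,
    p.last_batch
FROM sys.dm_exec_sessions AS s
JOIN sys.sysprocesses AS p
    ON p.spid = s.session_id
   AND p.ecid = 0              -- one row per session, ignore worker threads
LEFT JOIN @Allowed AS a
    ON a.host_name = s.host_name
WHERE s.is_user_process = 1
  AND p.dbid = DB_ID(@LogDb)
  AND a.host_name IS NULL      -- keep only hosts missing from the allow-list
ORDER BY s.login_time;
```

An empty result means no unexpected host had the database as its current context at that moment; because this is a point-in-time snapshot and the host name is client-supplied, pair it with SQL Server login auditing for ongoing coverage, and repeat it on each instance if the reporting databases are hosted separately.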
Copyright 2017 Forcepoint. All rights reserved.