How analysis activity is logged

Administrator Help | TRITON AP-WEB | Version 8.0.x

There are important differences in the way that general Internet activity and advanced analysis activity are logged.

For general Internet activity, you have several options to reduce the size of the Log Database.

Enable visits to log only one record for each website requested. See Configuring Log Server.

Enable consolidation to combine into a single log record multiple requests with certain common elements. See Configuring Log Server.

Disable full URL logging to log only the domain name (www.domain.com) for each request, and not the path to the specific page in the domain (/products/productA). See Configuring how URLs are logged.


	Note If your organization needs reports that include the full URL of each site visited, you should leave full UR logging enabled. Otherwise, reports will include only the domain (www.domain.com) of the site categorized, even though individual pages within the site may fall into different categories, or be recategorized for different reasons.

Configure selective category logging to limit logging to only those categories that are required for your organization. See Configuring how requests are logged.


	Note Enabling visits, consolidation, or selective category logging, will impact the accuracy of Internet Browse Time.

Advanced analysis features, however, are bound only partially by these settings. When a site is analyzed, 2 separate log records are created.

Standard log records take advantage of any size reduction settings that have been implemented, and are available for all reporting tools.

Advanced analysis records ignore most size reduction settings. Every separate hit is logged, requests to all categories are logged, and no records are consolidated. These records are generated regardless of whether the site is blocked or permitted as a result of analysis. Only the setting for full URL logging is honored for advanced analysis records. Advanced analysis records are used to populate the Threats dashboard and presentation reports that focus on the results of Content Gateway analysis (like those described in Reporting on advanced analysis activity).

If you have enabled any Log Database size reduction options, the numbers that appear on the Threats dashboard and in presentation reports on Content Gateway analysis may not match those that appear in standard investigative and presentation reports, even when the reports are configured for the same users, time periods, and categories. For example, if you have chosen to log visits, and a user requests a site analyzed by scanning features, that user request appears as one visit in standard reports, but may show as multiple hits in advanced analysis reports.

To see comparable data for standard activity and advanced analysis disable the Log Database size reduction settings. Because this may result in a very large and fast-growing database, make sure that the Log Database machine has adequate hard disk, processing, and memory capacity.

See Reporting Administration for more information on configuring size reduction settings. See Presentation reports and Investigative reports for information on generating reports.