Documentation
|
Support
Web Protection Reporting FAQ
: Why don't reports contain the data I expected?
Why don't reports contain the data I expected?
Reporting FAQ | Web Protection Solutions | v8.4.x, v8.5.x | 29-Apr-2022
Unexpected results in reports may indicate that a report needs to be generated differently, or that a problem exists elsewhere in your deployment.
Reports contain incorrect or inconsistent totals
Because a category may be assigned to multiple risk classes, reports based on risk class assignments may include data for some categories multiple times. This may appear to inflate the report totals.
To avoid this issue, generate the same report at the category or user level to produce a total that contains no duplication.
There are more Uncategorized requests than expected
A new web protection installation includes a small, partial URL database that allows policy enforcement to begin as soon as the installation is complete. This limited database includes primarily URL information related to security sites. As a result, non-security URLs are unlikely to be found in the database and are therefore assigned to the "Miscellaneous - Uncategorized" category.
As soon as you enter a valid subscription key in the management console, Filtering Service begins to download the full Forcepoint URL Database. Once the download is complete, the partial database is no longer used and URLs are categorized properly. (Note that log records that are already in the database are not updated to assign correct categories.)
While Forcepoint researchers pride themselves on their ability to categorize websites, new or rarely accessed URLs may be assigned to the Miscellaneous - Uncategorized category for a time. To help limit the number of uncategorized sites, enable WebCatcher and allow it to forward uncategorized URLs to Forcepoint researchers for review. See
What is WebCatcher?
for more information.
Reports do not have any bandwidth information
Forcepoint URL Filtering may be integrated with a number of third-party firewall, proxy, and caching products. Some of these integrations do not send bandwidth information to Filtering Service when users request a URL. As a result, no bandwidth data is recorded in the Log Database, and reports cannot include bandwidth information.
If you are using an integration product that does not send bandwidth information to Filtering Service, install Network Agent and enable enhanced logging to log bandwidth data. Once Network Agent is configured to see outbound traffic, it can gather and send the bandwidth information that the integration doesn't include.
See the
Network Agent Quick Start
for information about installing and configuring Network Agent.
Cloud App data is missing
Cloud app data is forwarded to the Log Database for inclusion in the Cloud Apps report. If cloud app data is missing:
Make sure the Cloud App Service on the Log Server machine is running.
If the Log Database was installed with Windows Authentication (trusted connection), make sure the Cloud App Service has been configured to run using the same trusted account.
Cloud App Service is installed on a machine when Log Server has been selected for installation. In configurations that include multiple Policy Brokers, the associated Policy Server may be configured to communicate with a single Log Server that is part of a different Policy Broker cluster. In those cases, any cloud app data that is processed by the Policy Server is not able to be forwarded by Cloud App Service.
In those deployments, install Log Server and, with it, Cloud App Service, on each Policy Broker cluster. Note that, although the new Log Server does not need to be configured with Policy Server, the Log Database Connection information must be added on the
Settings > Reporting . Log Server
page of Forcepoint Security Manager.
Web Protection Reporting FAQ
: Why don't reports contain the data I expected?
Copyright 2022 Forcepoint. All rights reserved.