Diagnostic steps when logging is not working

Article Number: 000002180
2180
Products: Web Security and Filter, Web Security Gateway, Web Security Gateway Anywhere, Websense Enterprise
Versions: 6.3, 7.0, 7.1, 7.5, 7.6, 7.7

Problem Description

What steps do you follow to diagnose and fix places where the logging has stopped working?
 

Resolution

Note: Disable windows firewall before following the troubleshooting steps below.

For v7.7, please reference the information provided in the Log Server Troubleshooting Guide.

1. Is Log Server service running? 

  • Check, Start > Run > services.msc. If stopped, try restarting and see whether the service remains started.
  • If the service is starting and stopping this is normally an issue with SQL permissions or connection to the SQL database.

 2. Are tmp files building up in the Cache folder?

  • Check the Cache and BCP folders. Are tmp files building up in either of these folders?
  • If no tmp files are being created in either folder, run TestLogServer to check whether you are receiving any log traffic from the Filtering Service.

 3. Is SQL Server Agent service running?

  • Check, Start > Run > services.msc. By default, Microsoft sets this service as “manual startup" so ensure this service is started and set to automatic.
Note: SQL Agent is not required if using 7.6 with SQL 2008 R2 Express.

4. Within Websense Manager, do you see current active partitions?

  • There must be at least one “active” partition to receive data.
  • Try creating a new partition from Websense Manager. Go to Settings > Reporting > Log Database > Database Partition Creation and click "Create Now." After a short period, you should see a new active partition listed.

 5. Status of SQL jobs?

  • Within SQL, check the history of the 3 Websense SQL jobs (Websense_ETL_Job, Websense_IBT_DRIVER, Websense_Maintenance_Job).
  • Have there been any errors? What happens if you try and run jobs manually by right clicking on each job and select "Start Job at Step."
  • If errors are seen, you can manually run the ETL job. Open SQL Query Analyzer, select the Websense catalog database (normally named wslogdb70), then paste in "EXEC dbo.USP_ETL_DRIVER " and execute the Query.
NOTE: For v7.6 and later integrated with SQL Server 2008 R2 Express, the SQL jobs are not employed.

 6. SQL Permissions.

  • Is the customer using Trusted or SQL Authentication?
  • Check if  the account is using sysadmin privileges and has full db_owner (dbo) rights to (master, model, tempdb, msdb and the Websense databases)
  • If this still doesn't work, try creating a new SQL account and give it full sysadmin privileges and db_owner rights to the databases listed above. Then update the Websense SQL Jobs, ODBC connection, and Log Server Configuration utility (pre v7.7) to use this new SQL account. Finally, restart the Websense Log Server service.
  • If this still doesn't work, then try using the actual SQL “sa” account for the Websense Log Server. Afterwards, restart the Log Server and see if logging starts working.
NOTE: For v7.6 and later integrated with SQL Server 2008 R2 Express, the SQL jobs are not employed. See TRITON - Web Security help for proper SQL permissions.

 7. Changing insertion methods.

  • If the customer is using BCP, then you can try changing this back to ODBC and then restart Log Server to see if this resolves the problem.

 8. Checking the etl_config table within SQL.

  • Open SQL Management Studio and browse to the Websense catalog database (normally named wslogdb70).
  • Expand Tables, right click dbo.wse_etl_config, and select Open Table.
  • Check the max_buffer_size value. The value should be 50000. Update if necessary and then close the table.
  • Re-open the table to ensure the update value is retained.
  • Check to see if logging is working.
 9.  Check the size of the tempdb database.
  • On MSDE (pre 7.6), if the tempdb database reaches the 2 GB limit, this may cause logging to stop. 
  • You may see a similar message in the SQL Server logs when this occurs:
    • SQLServer Error: 9002, The log file for database 'tempdb' is full. Back up the transaction log for the database to free up some log space.  [SQLSTATE 42000]
  • Solution is to restart the SQL services to clear the tempdb database

 10.  When filtering service from a V-Series appliance is pointing to logserver.
 

  • If there is no logging traffic seen via TestLogServer than remove the IP under TRITON - Web Security manager > Settings > Logging and enter an alternate IP (e.g. 1.1.1.1) and save changes.
  • You can run TCPDump on the V-Series appliance and filter for tcp.port=55805.  You can verify logging traffic by finding 127.0.0.1 to 127.0.0.1 on port 55805.
  • Re-enter the correct IP in the logging entry and it should now start logging.


If you are still having issues, enable Log Server debugging.  This shows you where the problem is located:  

  1. For details, see the "How do I debug the Log Server service?" article.

11.  If filtering is working correctly, check to see if Anti-virus software is preventing Log Server from creating cache files within the Websense cache folder.
 
 
12.  If TRITON – Web Security console displays the following error message:
  • usp_sb_run_scheduled_job: Could not allocate a new page for database 'wslogdb76' because of insufficient disk space in filegroup 'PRIMARY'. Create the necessary space by dropping objects in the filegroup, adding additional files to the filegroup, or setting autogrowth on for existing files in the filegroup.

Check to see if:

  1. Sufficient free disk space exists for creating new partitions.
  2. SQL Autogrowth is enabled. Select the Websense catalog database (wslogdb70), right click select Properties. See image.
    • User-added image
  3. SQL Server has the correct permissions. Validate the “Log On As" account being employed. This account needs to have full read and write permissions on the folder where new partitions are created. (The image above also shows the location of the database files.)

Notes & Warnings

For additional questions concerning Log Server, please see the articles:

  • For version 7.6, the default directory for 'new' installs is C:\Program Files\Websense\Web Security\ (32-bit machines) or C:\Program Files (x86)\Websense\Web Security\ (64 bit machines). The directory for upgrades to v7.6 is C:\Program Files\Websense\.

Article Rating:

Do you have any additional feedback?    close

How are we doing?

Provide us feedback on your experience with the Service Request portal.

provide feedback >