Go to the table of contents Go to the previous page Go to the next page
Web Security Deployment Recommendations > Additional reporting considerations
Additional reporting considerations
Deployment and Installation Center | Web Security Solutions | Version 7.7.x
 
When you install Web Security reporting components, you can configure how those components communicate with the SQL Server database (Log Database). Port and encryption settings selected during installation can be changed after installation, if needed.
In addition, if you are planning to deploy reporting components for a large or geographically distributed organization, and need to use a single, centralized database for reporting, see Configuring distributed logging for configuration options.
Using a custom port to connect to the Log Database
During TRITON Infrastructure and Websense Log Server installation, you can specify which port to use for Microsoft SQL Server communication. By default, the standard ODBC port (1433) is used.
If you want to use another port, keep in mind that SQL Server typically assigns:
*
*
Use the SQL Server Configuration Manager to configure the port used by each SQL Server instance. See your Microsoft documentation for assistance.
Using SSL to connect to the Log Database
During TRITON Infrastructure and Websense Log Server installation, you are given the option to connect to Microsoft SQL Server using an SSL-encrypted connection.
In determining whether to configure reporting and management components to use SSL encryption for Log Database communication, keep in mind that:
*
*
*
If SSL is required, no data can be displayed in the Web Security Dashboard or other reporting tools.
Before enabling SSL encryption during Websense software installation, configure Microsoft SQL Server encryption settings.
1.
Launch SQL Server Configuration Manager (for example, Start > All Programs > Microsoft SQL Server 2008 > Configuration Tools > SQL Server Configuration Manager).
2.
Right-click the SQL Native Client x.x Configuration entry used in your SQL Server installation, then select Properties.
Two parameters are listed:
*
Force Protocol Encryption: The default setting (No) means that encrypted connections are accepted but not required. This setting is typically best for use with Websense security solutions.
If this is set to yes, only encrypted connections are accepted.
*
Trust Server Certificate: The default setting (No) means that only certificates issued by a Certificate Authority (CA) are accepted for encrypting connections to the database. This requires that a CA-signed certificate be deployed to the SQL Server, Log Server, and TRITON management server machines before Websense components can use a secure connection to connect to the database.
When this parameter is set to Yes, self-signed SSL certificates may be used to encrypt the connection to the database. In this case, the certificate is generated by the SQL Server machine and shared by all components needing to connect to the database.
If you enable SSL encryption during installation, Force Protocol Encryption is set to Yes, and Trust Server Certificate is set to No, CA-signed certificates must be installed on the TRITON management server and Log Server machines before the component installation will succeed.
Using BCP for log record insertion with SQL Server 2008
The Web Security Log Database can use either of 2 methods to insert log records into the Log Database (reporting database):
*
ODBC (Open Database Connectivity inserts records into the database individually, using a database driver to manage data between Log Server and Log Database.
*
BCP (Bulk Copy Program) inserts records into the Log Database in groups called batches. This option is recommended because it offers better efficiency than ODBC insertion.
Before you can use BCP for log record insertion with SQL Server 2008, 2 Microsoft component must be installed on the Log Server machine:
*
Microsoft SQL Server 2008 Native Client is installed by the TRITON Unified Installer, when you install Web Security Log Server on the machine.
*
Microsoft SQL Server 2008 Command Line Utilities are available as a free download from Microsoft:
http://www.microsoft.com/en-us/download/details.aspx?id=16177
After you install the SQL Server 2008 Command Line Utilities, perform the following configuration steps to ensure that Log Server can access the BCP utility:
1.
Locate the bcp.exe file installed with the SQL Server 2008 Command Line Utilities and make a note of the path to the file. The default location is:
C:\Program Files\Microsoft SQL Server\100\Tools\Binn\bcp.exe
2.
Navigate to the Websense bin directory (C:\Program Files or Program Files (x86)\Websense\Web Security\bin\) and open LogServer.ini in a text editor.
3.
Locate the BCPExePath parameter, and set its value to the path noted in step 1. For example:
BCPExePath=C:\Program Files\Microsoft SQL Server\100\Tools\Binn\bcp.exe
4.
Save and close the LogServer.ini file.
5.
6.
Use the Settings > Reporting > Log Server page in TRITON - Web Security to configure Log Server to use BCP for log record insertion.
Configuring distributed logging
If you have a large or distributed environment that requires multiple Log Server instances, you can configure each Log Server to record data to a separate Log Database. If you do not need a central repository of reporting data that can be used to generate organization-wide reports, this may be the most efficient deployment option.
If you, however, you need a single Log Database in order to store all reporting data in a central location, you have 2 options:
*
*
The first option does not require special configuration steps. You need only ensure that each Log Server instance points to the same database (both database engine IP address or hostname and database instance name).
The second option requires more planning and configuration detail, as outlined in the sections that follow.
Note that centralized log processing is not as fast as local logging. Expect a delay of 4 or 5 minutes before the files from remote Log Servers appear in the cache processing directory on the central Log Server.
Part 1: Prepare for centralized logging
1.
mydomain\WebsenseLogServer
This ensures that permissions are consistent for all instances, and facilitates communication between distributed Log Server instances and the central instance.
2.
All remote Log Server instances must be able to communicate with the central Log Server machine.
3.
a.
C:\Program Files (x86)\Websense\Web Security\bin\logscache\
b.
Right-click the new folder and select Properties. On the Sharing tab, select Share this folder and provide the information requested.
Optionally, also restrict access to the folder to the domain user account assigned to all Log Server instances.
The shared folder is available within the network via its UNC file path (\\<host_name>\<folder_name>). For example:
\\logserver01\logscache
4.
a.
b.
Open Windows Explorer and go to Tools > Map Network Drive.
c.
d.
Part 2: Configure the central Log Server
1.
2.
Navigate to the Websense bin directory (C:\Program Files or Program Files (x86)\Websense\Web Security\bin, by default) and open the LogServer.ini file in a text editor.
3.
[CacheFileWatcher]
Active=
true
TimeInterval=180
FilePath=<path_to_shared_cache_folder>
*
Set the Active parameter to true to configure the central Log Server to process cache files from remote Log Server instances.
*
Optionally, edit the TimeInterval value to determine how frequently (in seconds) the central Log Server checks the cache directory for new files to process.
*
Set the FilePath parameter to the shared directory you created in Part 1 of this procedure (in the example above, the value is C:\Program Files (x86)\Websense\Web Security\bin\logscache\).
4.
Next, search for [Visits] section of the file to change the UsingVisits parameter to false. (This can also be configured via the Settings > Reporting > Log Server page in TRITON - Web Security.) The section looks like this:
[Visits]
VisitTime=10
UsingVisits=
false
VisitSortTimeDelay=30
This ensures that visits processing (if enabled) is performed only once, by the remote Log Server instances.
 
Note 
5.
6.
a.
In the Windows Services dialog box, right-click Websense Log Server and select Properties.
b.
Select the Log On tab, then, under "Log on as," click This account.
c.
d.
When you are finished, click OK to return to the main Services window.
7.
To start Log Server, right-click Websense Log Server again, then select Start.
Part 3: Configure remote Log Server instances
1.
2.
Navigate to the Websense bin directory, then open the LogServer.ini file for that instance in a text editor.
3.
[LogFile]
MoveCacheFile=FALSE
MoveCacheFilePath=C:\Program Files\Websense\bin\CacheProcessing
ProcessCacheFile=TRUE
[UserGroups]
ProcessGroups=FALSE
ProcessUserFullName=FALSE
;Distributed Logging Remote LogServer
[CacheLogging]
Active=
true
TimeInterval=180
MinFileSize=1048576
MaxFileSize=5242880
CacheFileProcessingPath=C:\Program Files\Websense\bin\CacheProcessing
CacheFileOutputPath=<UNC_path_to_mapped_drive>
*
Set the Active parameter to true to configure the remote Log Server to place cache files in the "CacheFileProcessingPath" directory and forward them to the central Log Server.
*
Optionally, change the TimeInterval value to determine how often (in seconds) the remote Log Server closes the current cache file and creates a new one.
*
You can also edit the MinFileSize and MaxFileSize (in bytes) for each cache file. The default minimum is 1 MB; the default maximum is 5 MB.
*
Set CacheFileProcessingPath to a local directory on the remote Log Server machine. Cache files are created on the local machine before being sent to the mapped drive on for processing by the central Log Server.
*
Set CacheFileOutputPath to the UNC file path of the shared folder on the central Log Server machine.
4.
[Visits]
VisitTime=10
UsingVisits=
true
VisitSortTimeDelay=30
 
Note 
5.
6.
a.
In the Windows Services dialog box, right-click Websense Log Server and select Properties.
b.
Select the Log On tab, then, under "Log on as," click This account.
c.
d.
When you are finished, click OK to return to the main Services window.
7.
To start Log Server, right-click Websense Log Server again, then select Start.
Repeat the process for each remote Log Server machine.

Go to the table of contents Go to the previous page Go to the next page
Web Security Deployment Recommendations > Additional reporting considerations
Copyright 2016 Forcepoint LLC. All rights reserved.