Go to the table of contents Go to the previous page Go to the next page
Deploying Web Protection Solutions > Additional reporting considerations
Additional reporting considerations
Deployment and Installation Center | Web Protection Solutions 
When you install web protection reporting components, you can configure how those components communicate with the Microsoft SQL Server database (Log Database). Port and encryption settings selected during installation can be changed after installation, if needed.
In addition, if you are planning to deploy reporting components for a large or geographically distributed organization, and need to use a single, centralized database for reporting, see Configuring distributed logging for configuration options.
Using a custom port to connect to the Log Database
During Forcepoint Management Infrastructure and Log Server installation, you can specify which port to use for Microsoft SQL Server communication. By default, the standard ODBC port (1433) is used.
If you want to use another port, keep in mind that SQL Server typically assigns:
*
*
Use the SQL Server Configuration Manager to configure the port used by each SQL Server instance. See your Microsoft documentation for assistance.
Using SSL to connect to the Log Database
During Forcepoint Management Infrastructure and Log Server installation, you are given the option to connect to Microsoft SQL Server using an SSL-encrypted connection.
In determining whether to configure reporting and management components to use SSL encryption for Log Database communication, keep in mind that:
*
*
Before enabling SSL encryption during web protection software installation, configure Microsoft SQL Server encryption settings.
1.
Launch SQL Server Configuration Manager.
2.
Right-click the SQL Native Client x.x Configuration entry used in your SQL Server installation, then select Properties.
Two parameters are listed:
*
Force Protocol Encryption: The default setting (No) means that encrypted connections are accepted but not required. This setting is typically best for use with Forcepoint security solutions.
If this is set to yes, only encrypted connections are accepted.
*
Trust Server Certificate: The default setting (No) means that only certificates issued by a Certificate Authority (CA) are accepted for encrypting connections to the database. This requires that a CA-signed certificate be deployed to the SQL Server, Log Server, and management server machines a secure connection can be used to connect to the database.
When this parameter is set to Yes, self-signed SSL certificates may be used to encrypt the connection to the database. In this case, the certificate is generated by the SQL Server machine and shared by all components needing to connect to the database.
If you enable SSL encryption during installation, Force Protocol Encryption is set to Yes, and Trust Server Certificate is set to No, CA-signed certificates must be installed on the management server and Log Server machines before the component installation will succeed.
Configuring distributed logging
If you have a large or distributed environment that requires multiple Log Server instances, you can configure each Log Server to record data to a separate Log Database. If you do not need a central repository of reporting data that can be used to generate organization-wide reports, this may be the most efficient deployment option.
If, however, you need a single Log Database in order to store all reporting data in a central location, you have 2 options:
*
*
The first option does not require special configuration steps. You need only ensure that each Log Server instance points to the same database (both database engine IP address or hostname and database instance name).
The second option requires more planning and configuration detail, as outlined in the sections that follow.
Note that centralized log processing is not as fast as local logging. Expect a delay of 4 or 5 minutes before the files from remote Log Servers appear in the cache processing directory on the central Log Server.
Part 1: Prepare for centralized logging
1.
mydomain\WebsenseLogServer
This ensures that permissions are consistent for all instances, and facilitates communication between distributed Log Server instances and the central instance.
2.
All remote Log Server instances must be able to communicate with the central Log Server machine.
3.
a.
C:\Program Files\Websense\Web Security\bin\logscache\
b.
Right-click the new folder and select Properties. On the Sharing tab, select Share this folder and provide the information requested.
Optionally, also restrict access to the folder to the domain user account assigned to all Log Server instances.
The shared folder is available within the network via its UNC file path (\\<host_name>\<folder_name>). For example:
\\logserver01\logscache
4.
a.
b.
Open Windows Explorer and go to Tools > Map Network Drive.
c.
d.
Part 2: Configure the central Log Server
1.
2.
Navigate to the bin directory (C:\Program Files\Websense\Web Security\bin, by default) and open the LogServer.ini file in a text editor.
3.
[CacheFileWatcher]
Active=
true
TimeInterval=180
FilePath=<path_to_shared_cache_folder>
*
Set the Active parameter to true to configure the central Log Server to process cache files from remote Log Server instances.
*
Optionally, edit the TimeInterval value to determine how frequently (in seconds) the central Log Server checks the cache directory for new files to process.
*
Set the FilePath parameter to the shared directory you created in Part 1 of this procedure (C:\Program Files\Websense\Web Security\bin\logscache\, for example).
4.
Next, search for [Visits] section of the file to change the UsingVisits parameter to false. (This can also be configured via the Web > Settings > Reporting > Log Server page in the Forcepoint Security Manager.) The section looks like this:
[Visits]
VisitTime=10
UsingVisits=
false
VisitSortTimeDelay=30
This ensures that visits processing (if enabled) is performed only once, by the remote Log Server instances.
 
Note 
5.
6.
a.
In the Windows Services tool, right-click Websense Log Server and select Properties.
b.
Select the Log On tab, then, under "Log on as," click This account.
c.
d.
When you are finished, click OK to return to the main Services window.
7.
To start Log Server, right-click Websense Log Server again, then select Start.
Part 3: Configure remote Log Server instances
1.
2.
Navigate to the bin directory, then open the LogServer.ini file for that instance in a text editor.
3.
[LogFile]
MoveCacheFile=FALSE
MoveCacheFilePath=C:\Program Files\Websense\bin\CacheProcessing
ProcessCacheFile=TRUE
[UserGroups]
ProcessGroups=FALSE
ProcessUserFullName=FALSE
;Distributed Logging Remote LogServer
[CacheLogging]
Active=
true
TimeInterval=180
MinFileSize=1048576
MaxFileSize=5242880
CacheFileProcessingPath=C:\Program Files\Websense\bin\CacheProcessing
CacheFileOutputPath=<UNC_path_to_mapped_drive>
*
Set the Active parameter to true to configure the remote Log Server to place cache files in the "CacheFileProcessingPath" directory and forward them to the central Log Server.
*
Optionally, change the TimeInterval value to determine how often (in seconds) the remote Log Server closes the current cache file and creates a new one.
*
You can also edit the MinFileSize and MaxFileSize (in bytes) for each cache file. The default minimum is 1 MB; the default maximum is 5 MB.
*
Set CacheFileProcessingPath to a local directory on the remote Log Server machine. Cache files are created on the local machine before being sent to the mapped drive on for processing by the central Log Server.
*
Set CacheFileOutputPath to the UNC file path of the shared folder on the central Log Server machine.
4.
[Visits]
VisitTime=10
UsingVisits=
true
VisitSortTimeDelay=30
 
Note 
5.
6.
a.
In the Windows Services tool, right-click Websense Log Server and select Properties.
b.
Select the Log On tab, then, under "Log on as," click This account.
c.
d.
When you are finished, click OK to return to the main Services window.
7.
To start Log Server, right-click Websense Log Server again, then select Start.
Repeat the process for each remote Log Server machine.

Go to the table of contents Go to the previous page Go to the next page
Deploying Web Protection Solutions > Additional reporting considerations
Copyright 2018 Forcepoint. All rights reserved.