Setting up full logging
Forcepoint Web Security Cloud | Configuring Full Traffic Logging
Even though the correct permission (Log export) may be visible in your Account settings, the feature is not available by default. To make it available in your account, contact Support.
Once the feature is available, to set up full traffic logging in the cloud portal:
1.
We strongly recommend that the log download process has its own user name and password to gain access to the Forcepoint Web Security Cloud service. This keeps the process separate from your other administration tasks and enables you to establish longer password expiration policies.
2.
Full traffic logging can be enabled for your whole account or for specific policies.
3.
Create a new administrator contact
To create the new contact:
1.
2.
3. Enter identifying information for the new contact in the First name and Surname fields. For example, "Traffic" and "Logging."
4. Click Submit.
5. Click the link provided to supply a User name for the account.
6.
7.
8.
Under Account Permissions, check the Log Export box, and any other permissions you want to give this user. You can act as an administrator from this logon.
 
Note: If you give this contact only the Log Export permission and nothing else, the user name and password cannot be used to log on to the cloud portal. The View Reports permission is the minimum permission a user needs to be able to log on.
9. Click Submit.
Enable full traffic logging
To enable log retention for your account:
1. In the cloud portal, on the main toolbar, click Web, then select Full Traffic Logging (under Settings).
2. Click Edit.
3. Mark the Enable full Web traffic logging checkbox.
The text on this page states the conditions for using full traffic logging—namely, all data is retained for only 14 days, and if you do not download any files for a period of 14 days, full traffic logging is automatically disabled. For more information, see Troubleshooting full traffic logging.
This page also contains a link to a sample script that you can use to download and store your log files. You can edit this script to suit your needs. For more information, see Set up a download script.
4. Click Submit.
By default, all web policies have the logging setting that you define at the account level. If you want to change the log retention for a particular policy:
1. On the main toolbar, click Web, then select Policies (under Policy Management).
2. On the Policies page, click the name of the policy you want to configure.
3.
4. Under Full Traffic Logging, change the selection in the drop-down list from Use policy-wide default to either Enabled or Disabled. This overrides the account-level setting.
5. Click Submit.
You can view the logs available for your account by going to https://sync-web.mailcontrol.com/hosted/logs and logging on with the user name and password that you set up with the Log Export permission. If you access this site immediately after you have set up full traffic logging, you will see only an empty XML script, but once Forcepoint Web Security Cloud has started to retain your logs, the page will show all available log files for download.
Each file name has the following format:
hosted_<SourceID>_<AccountID>_<ClusterIP>_<Version>_<Epoch>_<SequenceNo>.gz
The elements of the string are defined as follows:
For example, for log files from a cluster with the IP address 10.12.14.16 generated every 10 minutes, you might see the following:
hosted_xxxx1_1234_10.12.14.16_1_1236779400_1.gz
hosted_xxxx2_1234_10.12.14.16_1_1236780000_1.gz
hosted_xxxx1_1234_10.12.14.16_1_1236780000_2.gz
hosted_xxxx3_1234_10.12.14.16_1_1236780000_3.gz
hosted_xxxx1_1234_10.12.14.16_1_1236780600_1.gz
Set up a download script
To download the log files and save them to a location of your choice, you can either use the sample Perl script or create a script of your own. To save the sample script to your network:
1. On the main cloud portal toolbar, click Web, then select Full Traffic Logging (under Settings).
2. Click Edit.
3.
 
Warning 
The script can be run on Windows or Linux, and does the following:
*
*
*
*
*
 
Note: If you customize the sample script or choose to write your own script, you must always include the DELETE method to remove the downloaded files from the server. This is because files are only retained for 14 days, and any files that have not been deleted after 7 days will trigger a warning email. For more information, see Troubleshooting full traffic logging.
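
The following Python code is an added example, not part of Forcepoint's sample script. It validates names against the file name format shown earlier before a custom script reuses them as local file names, and sorts them by the 7-day warning and 14-day retention limits in the note above. It assumes that <Epoch> is a Unix timestamp in seconds and that a file's age is counted from it; parse_log_name, triage and SAMPLE are names made up for this example.

```python
import re
from datetime import datetime, timedelta, timezone
from ipaddress import ip_address

# hosted_<SourceID>_<AccountID>_<ClusterIP>_<Version>_<Epoch>_<SequenceNo>.gz
NAME_RE = re.compile(
    r"hosted_(?P<source>[A-Za-z0-9]+)_(?P<account>\d+)_(?P<cluster>[0-9.]+)"
    r"_(?P<version>\d+)_(?P<epoch>\d{1,10})_(?P<seq>\d+)\.gz"
)
WARN_AFTER = timedelta(days=7)   # page: undeleted files trigger a warning email
RETENTION = timedelta(days=14)   # page: files are retained for 14 days only

def parse_log_name(name):
    """Return the name's fields, or None if it does not fit the format."""
    # fullmatch() rejects path separators and extra text around the name.
    m = NAME_RE.fullmatch(name)
    if m is None:
        return None
    try:
        ip_address(m["cluster"])
    except ValueError:
        return None
    fields = m.groupdict()
    # Assumption: <Epoch> is a Unix timestamp in seconds, UTC.
    fields["time"] = datetime.fromtimestamp(int(m["epoch"]), tz=timezone.utc)
    return fields

def triage(names, now):
    """Bucket names by age, oldest first; malformed names are rejected."""
    report = {"ok": [], "overdue": [], "expired": [], "rejected": []}
    parsed = {name: parse_log_name(name) for name in names}
    report["rejected"] = [n for n, f in parsed.items() if f is None]
    good = [(f["time"], int(f["seq"]), n) for n, f in parsed.items() if f]
    for when, _seq, name in sorted(good):
        age = now - when  # assumption: age is counted from <Epoch>
        bucket = "expired" if age >= RETENTION else "overdue" if age >= WARN_AFTER else "ok"
        report[bucket].append(name)
    return report

# Constructed listing: names in the page's format, one older, two malformed.
SAMPLE = [
    "hosted_xxxx1_1234_10.12.14.16_1_1236780600_1.gz",
    "hosted_xxxx1_1234_10.12.14.16_1_1236779400_1.gz",
    "hosted_xxxx1_1234_10.12.14.16_1_1236088200_1.gz",
    "hosted_xxxx1_1234_10.12.14.999_1_1236780000_1.gz",
    "../hosted_xxxx1_1234_10.12.14.16_1_1236780000_1.gz",
]
```

Names in the rejected bucket should be logged and skipped rather than written to disk; names in the overdue bucket are the ones to download and delete first.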

Copyright 2022 Forcepoint All rights reserved.