Log Server Configuration Utility > Configuring WebCatcher

Configuring WebCatcher

 

Related topics: Configuring Log Server connections Configuring Log Server database options Configuring log cache files Configuring consolidation options WebCatcher Authentication Stopping and starting Log Server

WebCatcher is an optional feature that collects unrecognized URLs and security URLs, and submits them to Websense, Inc., where they are analyzed for potential security and liability risks, and for categorization. (Full URL logging is not required for WebCatcher processing.) Websense, Inc., reviews information and updates the Master Database with newly categorized URLs, resulting in improved filtering.

Choose the types of URLs to send, and set the file size and processing time on the WebCatcher tab of the Log Server Configuration utility.

Note  In an environment with multiple Log Servers, WebCatcher is enabled for only one Log Server. Once it has been enabled, this tab is unavailable when running the Log Server Configuration tool for other Log Server instances.

The information sent to Websense, Inc., contains only URLs and does not include user information.

The following example illustrates the information that would be sent if you activated WebCatcher. The IP address in this example reflects the address of the machine hosting the URL, not the requestor's IP address.

<URL HREF="http://www.ack.com/uncategorized/" CATEGORY="153" IP_ADDR="200.102.53.105" NUM_HITS="1" />

WebCatcher data is sent to Websense, Inc., via HTTP Post. You may need to create roles or make other changes on your proxy server or firewall to permit the outgoing HTTP traffic. Refer to the proxy server or firewall documentation for instructions.

1.	Select one of the following options:

Yes, send only specified URLs to Websense activates WebCatcher processing. You must indicate which URLs to send. Continue to step 2.

No, do not send information to Websense deactivates WebCatcher processing. No further entries are required if you choose this option.

2.	Check Send uncategorized URLs to send a list of all uncategorized URLs found in your Log Database.

Websense, Inc., analyzes uncategorized URLs it receives, and adds them to the Master Database categories, as appropriate. This improves filtering accuracy for all organizations.

Note  Intranet sites are not sent by WebCatcher. This includes all sites with IP addresses in the 10.xxx.xxx.xxx, 172.16.xxx.xxx, and 192.168.xxx.xxx ranges.

3.	Check Send security URLs to send a list of security URLs found in your Log Database.

Security URLs received are analyzed by Websense, Inc., to determine the activity of sites in the Keyloggers, Malicious Web Sites, Phishing and Other Fraud, and Spyware categories.

4.	Under Select the country/region which best reflects your location, select the country where the majority of activity is being logged.

5.	Check the Save a copy of the data being sent to Websense option to save a copy of the data that transmitted to Websense, Inc.

When this option is enabled, WebCatcher saves the data as unencrypted XML files in the Websense\bin directory. These files are date and time stamped.

6.	Under Maximum upload file size, indicate how large the file can grow (from 4096 KB to 8192 KB) before sending it to Websense.

Ensure that your system can post a file of this size via HTTP Post.

7.	For Minimum Daily start time, set the start time for WebCatcher to send the file if the size threshold has not been reached that day.

This assures that the information is submitted and cleared from your system at least once each day.

8.	Click the Authentication button if the Log Server machine must authenticate to access the Internet.

See WebCatcher Authentication for information about the Authentication dialog box that appears.

9.	Click Apply to save any changes, then stop and restart Log Server (see Stopping and starting Log Server).

Log Server Configuration Utility > Configuring WebCatcher