Technical Library | Support

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Web Security Reporting FAQ : How does the logging process work?
How does the logging process work?
50377 | Reporting FAQ | Web Security Solutions | Updated 22-Oct-2013
Applies to:
Websense Web Filter, Web Security, Web Security Gateway, and Web Security Gateway Anywhere, v7.7 and 7.8
When users browse the Web, their activity as recorded as log data:
1.
Network Agent, Content Gateway, or a third-party integration forwards the Internet request to Filtering Service.
2.
Filtering Service determines the appropriate response to the request.
3.
By default, Filtering Service forwards a record of the transaction to Log Server.
If you have enabled integration with a third-party SIEM tool, Filtering Service forwards the request instead to Websense Multiplexer, which then sends the request to both Log Server and the SIEM tool. See Websense SIEM Solutions for more information.
4.
Log Server stores the data in temporary cache or BCP files on the local hard disk.
5.
When the load of incoming data is not too heavy, Log Server performs preprocessing on the cached files and forwards them to the Log Database.
*
Log Server can process multiple, similar log records into a single record in a process called log record consolidation.
*
Log Server can combine the elements that make up a web page (like advertisements, graphics, and text) into a single record using visits processing.
Information about Log Server preprocessing options can be found in the Administering Websense Databases paper.
6.
The Log Database temporarily stores each log record in a table in the catalog database.
7.
Database jobs move the data to various tables in the partition databases. For more information about how the jobs work, see "Database jobs" in the Web Security Help (v7.7 or v7.8).
Data in the partition databases can be used in dashboard, investigative, and presentation reports (see "Use Reports to Evaluate Internet Activity" in the Web Security Help (v7.7 or v7.8).
ODBC and BCP
Log Server can forward log records to the Log Database using either of 2 formats:
*
With ODBC (Open Database Connectivity), Log Server inserts records into the database individually. The data stored in Log Server cache files is moved directly to the database.
*
With BCP (Bulk Copy Program), Log Server inserts the data in batches. To do this, Log Server starts by moving the data from the cache files into a new set of storage files. From there, the data is moved to the database.
Configure data insertion options on the Settings > Reporting > Log Server page in the Web Security manager.
For more information about ODBC and BCP, see "Specify how log records are processed into the database" in the Web Security Help (v7.7 or v7.8).

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Web Security Reporting FAQ : How does the logging process work?
Copyright 2016 Forcepoint LLC. All rights reserved.