Choose from several options for complete web, email and data security.
Learn more
Evaluate Websense products by watching demos and installing evaluation software.
Learn how Websense solutions help keep our customer safe, secure and productive
Get information on product updates, support resources and more.
Get the most out of support in five simple steps.
Find tools and assets to help sell Websense solutions.
Come work for the global leader in unified information security. Go
I have a distributed network of subnets spread out geographically, all connected via point to points or internet T1s with firewalls. I want one central repository for capturing log information. How should I deploy WebSense Logging? Should I install the database at the central point and install the Log Server on each WebSense server on each subnet, or does the Log Server need to be installed at the central point only?
One recommendation I would have, and I'm sorry if this isn't the right place to do this, is modify the installer to focus on the role of the WebSense server, such as the Policy Broker Main Hub, a central Log Report Server, or a satellite filtering server at a remote office, and then install the typical services required for that setup. Not that what you have now doesn't work, but I've always found it easier to install things by roles, and less so than by features.
According to your current network infrastructure, you can deploy multiple filtering services separately on each of your remote office, and all of these filtering services can point to one policy server in your central office. In this deployment, you can only have one log server installed in your central office, and all the log data will be logged into one log database instance.
Note: One policy server should have one log server. If you deployed multiple policy servers, multiple log servers are required.
Websense Forum ModeratorWeb Security | Data Security | Email Security
Hacken, sorry to comment on an old thread, but in this scenario, is it possible to have policy servers at each site, each with their own log server, but only have the policy broker at one site, and both the other remote sites to it?
Don't mean to hijack the thread, but I am pretty sure you can do this. This was why websense moved to a policy broker service.
I am not sure of the implications of having multiple Log servers though. Your reporting information would then be spread over multiple DB's. You would probably need a Websense manager at each site to allow for reporting on each database.
Susie, maybe you can comment on this?
Hi,
Which Websense version are you using?
Log Server can log to only one Log Database at a time, and only one Log Server can be installed for each Policy Server. If your environment includes both multiple Policy Servers and multiple Log Servers, make sure you log on to each Policy Server separately, and verify that it is communicating with the correct Log Server. All Log Server instances should be configured to send data to the main Log Database at the main site. See more information on the Web Security Help for your version.
For v7.5
If you have multiple Log Server instances, there are special considerations for also deploying multiple TRITON - Web Security instances. In these distributed logging environments, it is important that only one TRITON - Web Security instance be used for reporting. Administrators connecting to the reporting instance of TRITON – Web Security will see all reporting features. Administrators connecting to other TRITON - Web Security instances will not see reporting features.
Best regards
This would be in regards to v7.5. I think I understand what you are saying, I just want to verify that with multiple log servers and policy servers, can you still have just 1 policy broker service, so that you wouldn't have to manually update policies at all locations. I understand that you would have to log in to each location's websense manager in order to do reporting, since they each have their own log server. Is this correct?
Thanks for the feedback so far!
1. With multiple log servers and policy servers, can you still have just 1 policy broker service?
Yes.
2. I understand that you would have to log in to each location's websense manager in order to do reporting, since they each have their own log server. Is this correct?
Yes. but all Log Server instances should be configured to send data to the main Log Database at the main site, and only the main websense manager be used for reporting.
Hey Susie,
I understand from your above reply that ,even thought we have multiple log servers , we can still get centralized reporting with v7.5,,
Could you please help me finding as in what specific configuration would be required to achieve this.
I shall really be thankful.
Background -
We have 2 V10k appliance, now we want complete HA on both WSG+WWS... hence we have used the first appliace to serve as Centralized policy broker+Database for both V10ks
Therfor if 1st appliance goes down , 2nd works for 14 days with same policies......now the problem is reporting ...
as both appliances have their own policy servers , hence 2 diffrent log servers, which is not an ideal situation...coz for complete employee details, we have to login to 2 different WWS and generate..
As I am not very familiar with V10K issue, I would recommend that you raise a support case. I am sorry I cann't help you.
Kind regards,
Yuting_W: Hi, Which Websense version are you using? Log Server can log to only one Log Database at a time, and only one Log Server can be installed for each Policy Server. If your environment includes both multiple Policy Servers and multiple Log Servers, make sure you log on to each Policy Server separately, and verify that it is communicating with the correct Log Server. All Log Server instances should be configured to send data to the main Log Database at the main site. See more information on the Web Security Help for your version. For v7.5 If you have multiple Log Server instances, there are special considerations for also deploying multiple TRITON - Web Security instances. In these distributed logging environments, it is important that only one TRITON - Web Security instance be used for reporting. Administrators connecting to the reporting instance of TRITON – Web Security will see all reporting features. Administrators connecting to other TRITON - Web Security instances will not see reporting features.
about v.7.5: does websense have some solutions on version v7.6? I need to see all reports(logs) about all offices on Central office and each secondary office must see own reports (logs).
