We would like to be able to automate the exporting of the audit log reports to be imported into our Arcsight system.
Websense doesn't have this feature currently.
That's why he put the request in for "Suggest a feature".
JACOB SLOAN, CCNA, WCSE
Thanks for the explanation above.
Hello Dan_HE,
We are looking into your request, and I would like to ask you for more details regarding your situation. What is Arcsight and why would you like to automate the exporting of the audit log reports into Arcsight? Also, where or how are you using this? It would be very helpful for us if you can provide some scenarios for which you will use this process.
Thank you!
Jinny
Hi,
Just saw this posting and I am also wondering if this feature is or will be available? Is there even a log to load into a log management system? I know some Websense products are already supported by ArcSight, but I'm not sure if the appliance-based solution is.
Thank you
Ryan
I am not sure if you have solved it or not, but I am looking for a similar solution.
Looks like ArcSight does support Websense with an SNMP-based connector, but there is not enough information on how to write a connector which can read proxy access logs for log management.
Normally with a Squid proxy one can forward proxy logs to syslog and then use them in ArcSight, and I am wondering if something similar can be implemented for ArcSight.
Maybe a custom connector which can read the logs and then parse them correctly for ArcSight, but in order to do that the logs should be in a file.
The question is how one can access the access log for the Websense proxy engine.
If access to the logs is possible, or the logs can be sent to syslog, then it's not an issue to have them in ArcSight, but only someone from support can answer that.
Let me know if you have any development on your side or if someone from support can answer this.
ash7aq: Maybe a custom connector which can read the logs and then parse them correctly for ArcSight, but in order to do that the logs should be in a file.
A custom SQL query connector in ArcSight should work. I haven't done this yet, but it would require being familiar with the DB schema.
I've written some custom reporting apps in the past, and it's not terribly straightforward. Start looking at the incoming view =D
I second this feature request for automating the export of Websense audit logs to ArcSight. If there is a relatively straightforward way of doing it right now, custom logging or otherwise, please share this with us.
Thank you.
I opened a case with Websense and a support guy helped us.
He forwarded the syslog to the logger. I am able to see logs now at ArcSight. All you need to do after that is to do parsing of the logs with the correct fields.
Open a case with Websense and I am sure someone will be able to help you.
Audit logs do not equal syslogs. Keep that in mind when setting up syslog forwarding.
We too are looking for the automated audit log export. Websense can send it in the form of email on a monthly basis or on a customized-days basis. Also, let us know where these audit logs are stored, and let us know the file name too.
Thanks & Regards,
Mohan Babu
The Audit Logs are stored in the Policy Database. They are not stored in a flat file that can be read by some application.
Thanks Jacob. Can you tell us how to see the Audit Logs in the Policy Database? Is it possible to provide us a step-by-step procedure to see the Audit Logs in the Policy Database?
Thanks in advance!!!
Regards,
You log into Triton, and you look at the Audit Log that way.
We don't have any defined ways (supported, certified) to do it otherwise.
If you dive into the Policy Database, you are on your own, and run the severe risk of blowing up your Policy Broker, and all the Policy Servers attached. So... be careful.