If you have a large or distributed environment that requires multiple Log Server instances, you can configure each Log Server to record data to a separate Log Database. If you do not need a central repository of reporting data that can be used to generate organization-wide reports, this may be the most efficient deployment option.
If you, however, you need a single Log Database in order to store all reporting data in
The first option does not require special configuration steps. You need only ensure that each Log Server instance points to the same database (both database engine IP address or hostname and database instance name).
The second option requires more planning and configuration detail, as outlined in the sections that follow.
Note that centralized log processing is not as fast as local logging. Expect a delay of 4 or 5 minutes before the files from remote Log Servers appear in the cache processing directory on the central Log Server.
Part 1: Prepare for centralized logging
1. Identify or create a domain user account to use for running each Log Server service. For example:
mydomain\WebsenseLogServer
This ensures that permissions are consistent for all instances, and facilitates communication between distributed Log Server instances and the central instance.
2. Identify which Log Server instance will serve as the central Log Server and note its hostname or IP address.
All remote Log Server instances must be able to communicate with the central Log Server machine.
3. Create a shared folder on the central Log Server machine for all Log Server instances to access:
a. Create the folder. For example:
C:\Program Files (x86)\Websense\Web Security\bin\logscache\
b. Right-click the new folder and select Properties. On the Sharing tab, select Share this folder and provide the information requested.
Optionally, also restrict access to the folder to the domain user account assigned to all Log Server instances.
The shared folder is available within the network via its UNC file path (\\<host_name>\<folder_name>). For example:
\\logserver01\logscache
4. On the remote Log Server machines, create a mapped drive for the cache folder created in step 3:
a. Log on to each Log Server machine as the domain user assigned to all Log Server instances.
b. Open Windows Explorer and go to Tools > Map Network Drive.
c. Select a drive letter for the mapped drive, browse to the shared folder created in step 3, and then click Finish.
d. Make sure that you can copy a small text file from the remote Log Server machine to the shared drive.
Part 2: Configure the central Log Server
1. Go to the central Log Server machine and use the Windows Services dialog box (Start > Administrative Tools > Services) to stop Websense Log Server service.
2. Navigate to the Websense bin directory (C:\Program Files (x86)\Websense\Web Security\bin, by default) and open the LogServer.ini file in a text editor.
3. Search for the phrase “Centralized LogServer,” then make the following changes:
[CacheFileWatcher]
Active=true TimeInterval=180
FilePath=<path_to_shared_cache_folder>
Set the Active parameter to true to configure the central Log Server to process cache files from remote Log Server instances.
Optionally, edit the TimeInterval value to determine how frequently (in seconds) the central Log Server checks the cache directory for new files to process.
Set the FilePath parameter to the shared directory you created in Part 1 of this procedure (in the example above, the value is C:\Program Files
(x86)\Websense\Web Security\bin\logscache\).
4. Next, search for [Visits] section of the file to change the UsingVisits parameter to false. (This can also be configured via the Settings > Reporting > Log Server page in the Web Security manager.) The section looks like this:
[Visits]
VisitTime=10 UsingVisits=false VisitSortTimeDelay=30
This ensures that visits processing (if enabled) is performed only once, by the remote Log Server instances.
5. Save and close the file.
6. To configure this Log Server instance to run as the domain user created in Part 1 Note
When centralized logging is used, log record consolidation is automatically disabled on remote Log Server instances (regardless of the setting in LogServer.ini or the Web Security manager). To use log record consolidation, enable it for the central Log Server.
7. To start Log Server, right-click Websense Log Server again, then select Start.
Part 3: Configure remote Log Server instances
1. Go to a remote Log Server machine and use the Windows Services dialog box to stop the Websense Log Server service.
2. Navigate to the Websense bin directory, then open the LogServer.ini file for that instance in a text editor.
3. Search for the phrase “Remote LogServer” and make the following changes:
[LogFile]
Set the Active parameter to true to configure the remote Log Server to place cache files in the “CacheFileProcessingPath” directory and forward them to the central Log Server.
Optionally, change the TimeInterval value to determine how often (in seconds) the remote Log Server closes the current cache file and creates a new one.
You can also edit the MinFileSize and MaxFileSize (in bytes) for each cache file. The default minimum is 1 MB; the default maximum is 5 MB.
Set CacheFileProcessingPath to a local directory on the remote Log Server machine. Cache files are created on the local machine before being sent to the mapped drive on for processing by the central Log Server.
Set CacheFileOutputPath to the UNC file path of the shared folder on the central Log Server machine.
4. If you want to record visits (rather than hits), and have turned off visits processing for the central Log Server service, make sure visits are enabled in the [Visits]
section of the INI file for the remote Log Server instance.
[Visits]
VisitTime=10
UsingVisits=true VisitSortTimeDelay=30
5. Save and close the file.
6. To configure this Log Server instance to run as the domain user created in Part 1 of this procedure:
a. In the Windows Services dialog box, right-click Websense Log Server and select Properties.
b. Select the Log On tab, then, under “Log on as,” click This account.
c. Browse to the domain user created for this purpose, then enter and confirm the account password.
d. When you are finished, click OK to return to the main Services window.
7. To start Log Server, right-click Websense Log Server again, then select Start.
Repeat the process for each remote Log Server machine.