Transcription
v6.1Websense Enterprise ReportingAdministrator’s Guide
Websense Enterprise Reporting Administrator’s Guide 1996–2005, Websense, Inc.All rights reserved.10240 Sorrento Valley Rd., San Diego, CA 92121, USAPublished October 17, 2005Printed in the United States of AmericaNP33-0003RPTADMINThis document may not, in whole or in part, be copied, photocopied, reproduced, translated, or reduced to any electronicmedium or machine-readable form without prior consent in writing from Websense, Inc.Every effort has been made to ensure the accuracy of this manual. However, Websense, Inc., makes no warranties with respect to this documentation and disclaims any implied warranties of merchantability and fitness for a particular purpose.Websense, Inc. shall not be liable for any error or for incidental or consequential damages in connection with the furnishing,performance, or use of this manual or the examples herein. The information in this documentation is subject to change without notice.TrademarksWebsense and Websense Enterprise are registered trademarks of Websense, Inc. in the United States and certain international markets. Websense has numerous other unregistered trademarks in the United States and internationally. All othertrademarks are the property of their respective owners.Microsoft, Windows NT, Windows 2000, Windows 2003, Windows XP, internet Explorer, and Active Directory are trademarks or registered trademarks of Microsoft Corporation.Solaris is a registered trademark of Sun Microsystems, Inc., in the United States and other countries. Sun, Sun ONE andall Sun ONE based trademarks and logos are trademarks of Sun Microsystems, Inc.Netscape is a registered trademark of Netscape Communications Corporation in the U.S. and other countries. NetscapeNavigator and Netscape Communicator are also trademarks of Netscape Communications Corporation and may be registered outside the U.S.The following is a registered trademark of Novell, Inc., in the United States and other countries: Novell Directory Services.Adobe, Acrobat, and Acrobat Reader are either registered trademarks or trademarks of Adobe Systems Incorporated in theUnited States and/or other countries.Pentium is a registered trademark of Intel Corporation.Red Hat is a registered trademark of Red Hat, Inc., in the United States and other countries.Linux is a trademark of Linus Torvalds, in the United States and other countries.This product includes software distributed by the Apache Software Foundation (http://www.apache.org).Copyright (c) 2000. The Apache Software Foundation. All rights reserved.Other product names mentioned in this manual may be trademarks or registered trademarks of their respective companiesand are the sole property of their respective manufacturers.
ContentsChapter 1Understanding How Reporting Works . . . . . . . . . . . . . . . . . . . . . . . . . 7Understanding Websense Enterprise Reporting . . . . . . . . . . . . . . . . . . . . 8The Main Page in Explorer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11The Database Page in Explorer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13Log Database Tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15Reporter’s Application Window . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17Related Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20Chapter 2Configuring to Use Windows Trusted Connection. . . . . . . . . . . . . . . 21Log Server Service Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21Reporter Scheduler Service Setup. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23Log Database Manager Service Setup. . . . . . . . . . . . . . . . . . . . . . . . . . . 24Database Settings page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25Chapter 3Managing Access to Explorer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27The Reporting Tools Page in Explorer . . . . . . . . . . . . . . . . . . . . . . . . . . 27Accessing Explorer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30Reporting Roles in Websense Enterprise. . . . . . . . . . . . . . . . . . . . . . 30Delegated Reporting Roles in Websense Enterprise – CorporateEdition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32Virtual Private Network (VPN) Connections . . . . . . . . . . . . . . . . . . 33Identifying Remote Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34User Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35Chapter 4Managing Access to Reporter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37Chapter 5Managing Access to Real-Time Analyzer . . . . . . . . . . . . . . . . . . . . . . 39System Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39Reporting Administrator’s Guide3
ContentsAccessing Real-Time Analyzer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Starting Real-Time Analyzer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .User Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Configuring Real-Time Analyzer Settings. . . . . . . . . . . . . . . . . . . . . . .Chapter 6Connecting to the Log Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47Accessing Log Database Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Explorer Connection to a Log Database. . . . . . . . . . . . . . . . . . . . . . . . .Creating a New Log Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Changing the Log Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Reporter Connection to a Log Database. . . . . . . . . . . . . . . . . . . . . . . . .Creating a New Database Connection for Reporter . . . . . . . . . . . . . . . .Chapter 7626364646565656565666670717172Managing the Log Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75Log Server Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Connection Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Database Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Settings Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4474952535355Managing the Size of the Log Database . . . . . . . . . . . . . . . . . . . . . . . 61Checking or Changing the Job Status. . . . . . . . . . . . . . . . . . . . . . . . . . .Scheduling a Job to Archive or Purge . . . . . . . . . . . . . . . . . . . . . . . . . .Choose Archive, Combined Archive, or Purge. . . . . . . . . . . . . . . . .Recurrence. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Start Date. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Run Time. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Always Keep at Least . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Archive or Remove Records Before: . . . . . . . . . . . . . . . . . . . . . . . .Archive or Remove All Records: . . . . . . . . . . . . . . . . . . . . . . . . . . .Keep Trend Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Options Only for Combined Archive . . . . . . . . . . . . . . . . . . . . . . . .Confirming the Job Detail . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Reducing the Size of the Log Database . . . . . . . . . . . . . . . . . . . . . . . . .Potential Issues with Log Database Manager. . . . . . . . . . . . . . . . . . . . .Archiving the Log Database Using the Command Line . . . . . . . . . . . .Chapter 840404242Websense Enterprise Reporting75767780
ContentsConsolidation Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .82WebCatcher Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .84DB Jobs Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .87Stopping and Starting the Log Server . . . . . . . . . . . . . . . . . . . . . . . . . . .90Chapter 9Choosing the Display and Print Options for Explorer. . . . . . . . . . . .91Changing the Configuration Settings via the wse.ini file . . . . . . . . . . . .91Chapter 10Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .93General. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .93Database Size . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .93How do I determine the cause of a problem or get more informationabout an error message? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .93The data on my Internet Browse Time reports is skewed . . . . . . . . .94Bytes transferred are larger than expected . . . . . . . . . . . . . . . . . . . . .94After installing the Log Server and attempting to start the service, Ireceive the error "Log Server Service does not exist" . . . . . . . . . . . .95Some protocol requests are not being logged. . . . . . . . . . . . . . . . . . .95Reports on Risk Classes Show Different Information . . . . . . . . . . . .95All Reports Have No Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .95Explorer Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .96Seeing the current data in SUMMARY or TREND tables . . . . . . .96Problems with Microsoft IIS or Apache web server . . . . . . . . . . . . .96Special characters in domain names in Explorer . . . . . . . . . . . . . . . .96There is a delay between data in the INCOMING table and seeing thatdata in Explorer reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .97Pop-up blocking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .97Potential issues when generating Explorer reports. . . . . . . . . . . . . . .97Reporter Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .98After exporting to Excel, some report data is missing . . . . . . . . . . . .98The Windows Event Viewer on my Log Server machine shows anHTTP post failed message for WebCatcher with an Event ID 50x . .98Reporter closes or displays a Dr. Watson error after generating a report99Multiple reports contain identical information when they should not99Reporting Administrator’s Guide5
ContentsIncreasing Reporting Speed in Reporter . . . . . . . . . . . . . . . . . . . . . . 99Appendix ATechnical Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101Websense Technical Services Support Center . . . . . . . . . . . . . . . . . . .Premium Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Support Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Web Portal. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Email Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Telephone Assistance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Customer Care . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Improving Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .101101102102102102103103Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1056Websense Enterprise Reporting
Understanding How ReportingWorksCHAPTER 1Websense, Inc., produces software that manages employee use of theinternet. Websense Enterprise is the core module that gives an organizationthe ability to control or monitor network traffic to the internet. The WebsenseEnterprise components provide the ability to filter requested internet data, toset policies regarding that filtering, and to track internet usage.Websense Enterprise must be installed and working in your network beforeinstalling any of the Websense Enterprise Reporting modules. For detailedinformation on requirements and installation, see the Websense EnterpriseReporting Installation Guide.The Websense Enterprise Reporting components provide the ability to gatherand keep information about internet usage. The Log Server receives incomingdata about internet usage from Websense Enterprise and stores it in a databasecalled the Log Database.Websense Enterprise Explorer and Websense Enterprise Reporter are modulesthat give you a look into the Log Database that contains information abouthow your employees are actually using the internet. These reports are basedon current internet usage, or on archived data.Read about the following in this chapter. Understanding Websense Enterprise ReportingThe Main Page in ExplorerThe Database Page in ExplorerLog Database TablesReporter’s Application WindowRelated DocumentationReporting Administrator’s Guide7
Chapter 1: Understanding How Reporting WorksUnderstanding Websense Enterprise ReportingUnderstanding Websense Enterprise Reporting requires an understanding ofhow Websense Enterprise and Websense Enterprise Reporting work together.Following is a simplified overview.Components of Websense Enterprise include: Policy ServerFiltering ServiceWebsense Master DatabaseIntegration Partner product (firewall, proxy server, or cacheappliance)Components of Websense Enterprise Reporting include: 8Log ServerLog DatabaseMicrosoft MSDE or SQL Server databaseReporter (viewer into database)Standard web browser (Microsoft Internet Explorer) to view Explorerand Log Database ManagerExplorer’s intranet website on a web serverLog Database ManagerWebsense Enterprise Reporting
Chapter 1: Understanding How Reporting WorksWebsense, Inc.Updates the WebsenseMaster Database dailyand makes it available fordownloadIntegrationPartner ProductPolicy Server withFiltering Service Stores configuration Network deviceinformationfirewall, proxy server,or cache appliance Carries out internetWebsense MasterDatabaseusage policiesinto categories andsubcategories Interacts withinternet activity forfiltering and trackingNetwork AgentIntegration Partnerproduct to trackinternet activitysaved to the WebsensePolicy Server Used to categorizerequests through theWebsense FilteringServiceIntegration Partnerproduct to controlinternet access Organizes internet sites Downloaded daily and Sends user internet Interacts with Interacts with FilteringService for filteringand logging Interacts with NetworkAgent to control andtrack internet activity Manages networkprotocols andapplications outsidethe browserSends internet activitydata to the Log ServerUser ServiceLog Server Receives internetactivity data from theFiltering Service Inserts the data into theCommunicates withDirectory Service toenable you to applyfiltering policiesbased on users,groups, domains, andorganizational units.Log DatabaseLog DatabaseCreated and powered by Microsoft’s MSDE orSQL Server database Receives and storesinternet activity dataComponents of Websense Enterprise and Websense Enterprise ReportingReporting Administrator’s Guide9
Chapter 1: Understanding How Reporting WorksPolicy Server stores Websense configuration information. Policy Servercommunicates this data to the Filtering Service. Policy Server also identifiesall other Websense components and tracks the location and status of all otherWebsense services.User Service communicates with Directory Service to enable you to applyfiltering policies based on users, groups, domains, and organizational units.Filtering Service carries out internet usage policies that are defined for theenterprise, including permitting, blocking, or deferring access to particularinternet sites.Filtering Service interacts with the firewall, proxy server, or cacheappliances (Integration Partner products) and Network Agent to controlaccess to the internet and to track internet activity. It sends activity data to aLog Server.The Websense Master Database organizes internet sites (by IP addresses andtheir associated URLs) into one of approximately 90 major categories andsubcategories. The updated version is downloaded daily from Websense, Inc,.and saved to the Filtering Service machine. The Filtering Service uses theWebsense Master Database to categorize internet activity for filtering andtracking.The Websense Master Database is updated daily by Websense, Inc. If youchoose to purchase the optional Real-Time Security Updates feature, you havethe capability to get database security updates as soon as they are publishedby Websense. To read more about Real-Time Security Updates, see theWebsense Enterprise Administrator’s Guide.The Integration Partner product is a network device that is either a firewall,proxy server, or cache appliance. It sends users’ internet requests to theWebsense server for analysis.Network Agent manages internet protocols and applications outside the webbrowser. Depending on how it is configured for the organization, it can alsofilter and log internet activity through the web browser.Log Server receives internet activity data from Filtering Service and insertsthe data into the Log Database.Log Database is created and powered by Microsoft SQL Server or MSDE.The Log Database receives and stores internet activity data.Log Database Manager archives and purges the data in the Log Database.10Websense Enterprise Reporting
Chapter 1: Understanding How Reporting WorksThe Explorer module creates an intranet website on your web server. It addssome tables to the Log Database. Users access this website to run internetusage reports on a Log Database.Web ServerExplorer Interface Uses a web browser(Microsoft InternetExplorer) to requestreports Sends requests to the webserver for informationMicrosoft IIS or Apache web server Receives informationrequests from the Explorerbrowser interface Retrieves information fromthe Log Database Returns reports to theExplorer browser interfaceLog DatabaseCreated and powered by Microsoft MSDE or SQLServer Database Receives and storesinternet activity data Additional tables createdand used by WebsenseExplorer and ReporterThe Main Page in ExplorerAfter Explorer has been installed and the Log Database has been prepared,you will use Explorer to view the Log Database from your web browser. Seethe Websense Enterprise Reporting Installation Guide for details of specificrequirements and installation steps.You start defining all reports from Explorer’s main page. There are drilldown options from some report results, but your initial choices will be madefrom the main page.The following is a quick overview of Explorer’s Main Page.Reporting Administrator’s Guide11
Chapter 1: Understanding How Reporting WorksPrimary report choicesHide/Show namesSelect and display ‘Top N’Select new databaseReport datesOutput to PDF or Excel SpreadsheetThe Primary report choices will vary slightly, depending on the users, groupsand domains in the database. If there are no groups available, Group will notbe available as a primary report choice or in the drop-down options. If Userand Group are not primary report choices, you will still be able to access themas you drill down into the other choices. If there is only one domain, Domainwill not display as a primary report choice.The report dates can be typed into the boxes or picked via a calendar.Select and display ‘Top N’ where ‘
Websense, Inc., produces software that manages employee use of the internet. Websense Enterprise is the core module that gives an organization the ability to control or monitor network traffic to the internet. The Websense Enterprise components provide the ability to filter requested internet data, to
