Administering Websense Databases, v7.6.x and 7.7.x

More documents

Recommendations

Info

Administering Websense DatabasesFactors that affect reporting database sizeAdministering Websense Databases | Web, Data, and Email Security Solutions | Versions 7.6.x,7.7.x, 7.8.xApplies to:Web Filter, Web Security, andWeb Security Gateway(Anywhere), v7.6.x - v7.8.xData Security, v7.6.x - v7.8.xEmail Security Gateway(Anywhere), v7.6.x - v7.8.xIn this topicWeb Security visits, consolidation,and full URL logging, page 18Email Security sizing factors,page 19Data Security sizing factors, page19Web Security visits, consolidation, and full URL loggingWebsense Web Security uses proprietary algorithms to reduce the volume of log datain order to achieve a balance between visibility into users’ Web browsing activity andthe size and performance of the Log Database.When you enable visits, Log Server combines the individual elements that createa Web page (such as graphics and advertisements) into a single log record thatincludes bandwidth information for all elements of the visit.When this option is disabled, you instead log hits. In this case, a separate logrecord is created for each HTTP request generated to display different pageelements, including graphics, advertisements, embedded videos, and so on. Thiscreates a much larger Log Database that grows rapidly.Disabling visits can increase the total amount of data stored in the LogDatabase by a factor of 2.5.To further reduce the size of the database, enable log record consolidation. Thiscombines multiple, similar Internet requests into a single log record, reducing thegranularity of reporting data.By default, Websense Web Security logs only the URL hostname for each request,instead of the full URL. Storing the full URLs provides more visibility into whereusers are going within a particular Web site, but increases the Log Databasestorage demands.Enabling full URL logging can increase the size of each record in WebSecurity by 50%.For information about more ways to either reduce the size of the Log Database orincrease the amount of data recorded, refer to:v7.6.x: Log Server Configuration Utilityv7.7.x: Log Database sizing guidancev7.8.x: Log Database sizing guidance18 Websense TRITON Enterprise
Administering Websense DatabasesEmail Security sizing factorsHybrid serviceThe Websense Email Security Gateway hybrid service drops email that comes fromknown bad (blacklisted) sources and blocks email with a very high spam score in thecloud before it ever reaches the Email Security Gateway appliance. This reduces theamount of data stored in the Email Security Log Database for reporting by 30 MB peruser per month.Above average email traffic: recipients, quarantined messages, orspamThe sizing guidelines above are based on the following assumptions about the emailtraffic handled by Email Security Gateway. These assumptions are derived from theaverage email traffic pattern of Websense customers over time.There are an average of 5 recipients for each email message.When hybrid service is not enabled, the ratio among spam messages, infectedmessages, and clean messages is 85-to-1-to-14.The hybrid service scans only inbound email traffic, and it can block 25 percent ofspam.All outbound and internal email messages are clean.Note that Email Security counts the number of recipients for each message rather thanthe number of messages sent. Each recipient is counted as a transaction.If the pattern of email traffic in your organization exceeds these averages, your storagecapacity will vary.Data Security sizing factorsNumber of discovery incidentsWebsense Data Security limits the number of discovery incidents that can be stored inthe Data Security Incident and Configuration Database in order to prevent improperlyconfigured discovery policies from flooding the database. By default this limit is set to1 million incidents. If you are using SQL Server Express, you should reduce thisnumber to 250 thousand.To do this:1. Log onto TRITON Console.2. Select the Data Security tab.3. Select Settings > General > System.4. Select the Reporting option from the System pane.5. Select the Discovery tab.6. Adjust the Maximum Discovery Incidents field.Administering Websense Databases 19
Page 1 and 2: Administering Websense DatabasesAdm
Page 3 and 4: Administering Websense DatabasesDat
Page 5 and 6: Administering Websense DatabasesWeb
Page 7 and 8: Administering Websense Databases Ot
Page 9 and 10: Administering Websense DatabasesHar
Page 11 and 12: Administering Websense DatabasesHow
Page 13 and 14: Administering Websense DatabasesTem
Page 15 and 16: Administering Websense Databases Ve
Page 17: Administering Websense Databasessho
Page 21 and 22: Administering Websense DatabasesRef
Page 23 and 24: Administering Websense Databasesdon
Page 25 and 26: Administering Websense DatabasesTRI
Page 27 and 28: Administering Websense DatabasesWhe
Page 29 and 30: Administering Websense Databasespar

Administering Websense Databases, v7.6.x and 7.7.x

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?