TRITON - Web Security Help
313
Websense Server Administration
Resuming Master Database downloads
If a Master Database download is interrupted, Websense software attempts to resume
the download automatically. If Filtering Service is able to reconnect to the download
server, the download resumes from where it was interrupted.
You can manually restart a failed or interrupted download. This does not resume the
download from the point of interruption, but instead restarts the process from the
beginning.
1. In TRITON - Web Security, go to Status > Today and click Database Download.
2. Click Stop All Updates to stop the interrupted process.
3. Select a Filtering Service instance and click Update, or click Update All, to
restart the download process from the beginning.
Viewing and exporting the audit log
Websense software provides an audit trail showing which administrators have
accessed TRITON - Web Security, as well as any changes made to policies and
settings. This information is available only to Super Administrators who are granted
policy permissions (see Super Administrators, page 269).
Delegated administrators have significant control over the Internet activities of their
managed clients. Monitoring their changes through the audit log enables you to ensure
that this control is handled responsibly and in accordance with your organization’s
acceptable use policies.
Use the Status > Audit Log page to view the audit log, and to export selected portions
of it to an Excel spreadsheet (XLS) file, if desired.
Audit records are saved for 60 days. To preserve audit records longer than 60 days,
use the export option to export the log on a regular basis. Exporting does not remove
records from the audit log.
When the Audit Log page opens, the most recent records are shown. Use the scroll bar
and the paging buttons above the log to view older records.
The log displays the following information. If an item is truncated, click the partial
entry to display the full record in a pop-up dialog box.
Column     Description
Date       Date and time of the change, adjusted for time zones.
           To assure consistent data in the audit log, be sure all machines
           running Websense components have their date and time settings
           synchronized.
User       User name of the administrator who made the change.
Server     IP address or name of machine running the Policy Server affected
           by the change.
           This appears only for changes that affect the Policy Server, such
           as changes made on the Settings tab.
Role       Delegated administration role affected by the change.
           When a change affects a client explicitly assigned as a managed
           client in the delegated administrator's role, that change shows as
           affecting the Super Administrator role. If the change affects a
           client that is a member of a network range, group, domain or
           organizational unit assigned to the role, the change shows as
           affecting the delegated administrator's role.
Type       Configuration element that was changed, such as policy, category
           filter, or logon/logoff.
Element    Identifier for the specific object changed, such as the category
           filter name or role name.
Action     Type of change made, such as add, delete, change, log on, and so
           on.
Previous   Value before the change.
Current    New value after the change.
Not all items are shown for all records. For example, the role is not displayed for
logon and logoff records.
To export audit log records:
1. Select a time period from the Export range list.
   Choose Last 60 days to export the entire audit log file.
2. Click Go.
   If Microsoft Excel is installed on the machine running TRITON - Web Security,
   the exported file opens. Use options in Excel to save or print the file.
   If Microsoft Excel is not installed on the machine running TRITON - Web
   Security, follow the on-screen instructions to either locate the software or save the
   file.
Stopping and starting Websense services
Websense services are configured to start each time the machine restarts. However, in
some cases you need to stop or start one or more product components separately from
a machine restart.
Note
If Filtering Service is in the process of downloading the
Master Database, it does not stop running until the
download is complete.
When you stop all Websense services, always end with the following services, in the
order shown:
1. Websense Policy Server
2. Websense Policy Broker
3. Websense Policy Database
Note that unless a problem specifically pertains to Policy Broker or the Policy
Database, it is rarely necessary to restart these services. Avoid restarting these services
when possible.
When you start all Websense services, always start with the following services, in the
order shown:
1. Websense Policy Database
2. Websense Policy Broker
3. Websense Policy Server
Windows
1. Open the Windows Services dialog box (Start > Settings > Control Panel >
Administrative Tools > Services).
2. Right-click the Websense service name, and then select Stop or Start.
Linux
On Linux machines, there are 2 tools that can be used to stop and start daemons:
The WebsenseAdmin script starts, stops, and restarts all daemons on the
machine.
The WebsenseDaemonControl script starts and stops individual daemons.
To use the WebsenseAdmin script to start or stop all daemons:
1. Go to the /opt/Websense directory.
2. Check the status of the Websense services with the following command:
./WebsenseAdmin status
3. Stop, start, or restart all Websense services with the commands:
./WebsenseAdmin stop
./WebsenseAdmin start
./WebsenseAdmin restart
To use the WebsenseDaemonControl script to start or stop a daemon:
1. Go to the /opt/Websense directory.
2. Enter the following command:
./WebsenseDaemonControl
A list of installed components is displayed, showing whether each process is
running or stopped.
3. Enter the letter associated with a component to start or stop the associated process.
To refresh the list, enter R.
4. When you are finished, enter Q or X to exit the tool.
Warning
Do not use the kill command to stop a Websense service,
as it may corrupt the service.
Alerting
To facilitate tracking and management of both Websense software and client Internet
activity, Super Administrators can configure alerts to be sent when selected events
occur.
System alerts: Notification regarding subscription status and Master Database
activity.
Usage alerts: Notification when Internet activity for particular categories or
protocols reaches configured thresholds.
Alerts can be sent to selected recipients via email, on-screen pop-up messages
(Windows net send messaging), or SNMP messages.
Usage alerts can be generated for both Websense-defined and custom categories or
protocols.
Related topics:
Flood control, page 317
Configuring general alert options, page 317
Configuring system alerts, page 319
Configuring category usage alerts, page 320
Configuring protocol usage alerts, page 321
Note
On-screen pop-up alerts cannot be sent to Linux machines.
However, they can be sent from a Linux machine running
Policy Server to Windows machines, provided that the
Samba client is installed on the Linux machine. See the
Deployment Guide.
Flood control
There are built-in controls for usage alerts to avoid generating excessive numbers of
alert messages. Use the Maximum daily alerts per usage type setting to specify a
limit for how many alerts are sent in response to user requests for particular categories
and protocols. See Configuring general alert options, page 317, for more information.
You can also set threshold limits for each category and protocol usage alert. For
example, if you set a threshold limit of 10 for a certain category, an alert is generated
after 10 requests for that category (by any combination of clients). See Configuring
category usage alerts, page 320, and Configuring protocol usage alerts, page 321, for
more information.
Suppose that the maximum daily alerts setting is 20, and the category alert threshold is
10. Administrators are only alerted the first 20 times category requests exceed the
threshold. That means that only the first 200 occurrences result in alert messages
(threshold of 10 multiplied by alert limit of 20).
Related topics:
Alerting, page 316
Configuring general alert options, page 317
Configuring category usage alerts, page 320
Configuring protocol usage alerts, page 321
Configuring general alert options
Related topics:
Alerting, page 316
Configuring system alerts, page 319
Configuring category usage alerts, page 320
Configuring protocol usage alerts, page 321
Websense software can notify administrators of various kinds of system events, such
as updates to Master Database categories and subscription issues, as well as Internet
usage that exceeds defined thresholds.
Use the Settings > Alerts > Enable Alerts page to select and configure the desired
notification methods, as described below. Then, use the other pages in the Settings >
Alerts section to enable the alerts you want to receive.
1. Enter a number in the Maximum daily alerts per usage type field to limit the
   total number of alerts generated daily for each category and protocol usage alert.
   For example, you might configure usage alerts to be sent every 5 times (threshold)
   someone requests a site in the Sports category. Depending on the number of users
   and their Internet use patterns, that could generate hundreds of alerts each day.
   If you enter 10 as the maximum daily alerts per usage type, only 10 alert messages
   are generated each day for the Sports category. In this example, these messages
   alert you to the first 50 requests for Sports sites (5 requests per alert multiplied by
   10 alerts).
2. Mark the Enable email alerts check box to deliver alerts and notifications by
   email. Then, configure these email settings.
   SMTP server IP or name           IP address or name for the SMTP server through
                                    which email alerts should be routed.
   From email address               Email address to use as the sender for email alerts.
   Administrator email address (To) Email address of the primary recipient of email alerts.
   Recipient email addresses (Cc)   Email address for up to 50 additional recipients. Each
                                    address must be on a separate line.
3. Mark the Enable pop-up alerts check box to display pop-up messages on specific
   computers. Then, enter the IP address or machine name for up to 50 Recipients,
   each on a separate line.
   Note
   Pop-up alerts cannot be sent to Linux machines. However,
   they can be sent from a Linux machine running Policy
   Server to Windows machines, provided that the Samba
   client is installed on the Linux machine. See the
   Deployment Guide.
4. Mark the Enable SNMP alerts check box to deliver alert messages through an
   SNMP Trap system installed in your network. Then, provide information about
   your SNMP Trap system.
   Community name      Name of the trap community on your SNMP Trap
                       server.
   Server IP or name   IP address or name of the SNMP Trap server.
   Port                Port number SNMP messages use.
5. When you are finished, click OK to cache your changes. Changes are not
   implemented until you click Save All.
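As an added illustration (not Websense code), the following Python model of the flood control arithmetic from the Flood control section and from step 1 above shows how many requests arrive with no alert once the daily cap is used up. The function name, the single-day request stream and the request counts are assumptions constructed for the example.

```python
from collections import Counter


def simulate_usage_alerts(requests, thresholds, max_daily_alerts):
    """Model one day of usage alerts as this page describes them.

    requests: iterable of category names, one entry per request.
    thresholds: {category: number of requests per alert}.
    max_daily_alerts: the "Maximum daily alerts per usage type" value.

    Returns (alerts, unalerted): alerts is a list of
    (category, request_count_when_alert_fired); unalerted maps each
    category to the requests seen after its daily cap was reached.
    """
    seen = Counter()       # requests counted per category
    sent = Counter()       # alerts already sent per category today
    unalerted = Counter()  # requests that can no longer raise an alert
    alerts = []
    for category in requests:
        threshold = thresholds.get(category)
        if threshold is None:
            continue  # no usage alert configured for this category
        seen[category] += 1
        if sent[category] >= max_daily_alerts:
            unalerted[category] += 1  # cap used up: silent for the rest of the day
            continue
        if seen[category] % threshold == 0:
            sent[category] += 1
            alerts.append((category, seen[category]))
    return alerts, dict(unalerted)


if __name__ == "__main__":
    # Constructed traffic: 120 Sports and 30 Shopping requests, interleaved.
    day = ["Sports"] * 120 + ["Shopping"] * 30
    day.sort(key=lambda c: c != "Sports")  # order does not affect the totals
    alerts, unalerted = simulate_usage_alerts(
        day, {"Sports": 5, "Shopping": 50}, max_daily_alerts=10
    )
    print(len(alerts), "alerts; last one at", alerts[-1])
    print("requests after the cap:", unalerted)
```

With a low threshold and a low cap, the alert stream goes quiet early in the day, so the absence of further alerts does not mean the activity stopped.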
Configuring system alerts
TRITON - Web Security displays detailed system health and status information via the
Status > Alerts (detailed information) page, described in Reviewing current system
status, page 322.
To assure that administrators are notified of significant system events, like a database
download failure or a subscription that is about to expire, when they are not logged on
to TRITON - Web Security, configure Websense system alerts to be distributed by
email, pop-up message, or through your SNMP Trap system.
On the Settings tab, use the Alerts > System page to select the method used to send
these alerts to Websense administrators, as well as which alerts to send.
1. For each alert, mark the delivery methods to be used. Depending on what methods
are enabled on the Alerts page, you may be able to choose Email, Pop-up, and
SNMP methods.
Alerts are available for events such as:
Your subscription expires in one week.
Search engines supported for Search Filtering have changed.
A Websense Master Database download failed.
A category or protocol was added to or removed from the Master Database.
The number of current users exceeds your subscription level.
The number of current users has reached 90% of your subscription level.
Your subscription expires in one month.
Websense Master Database has been updated.
2. When you are finished, click OK to cache your changes. Changes are not
implemented until you click Save All.
Related topics:
Alerting, page 316
Configuring general alert options, page 317
Reviewing current system status, page 322
Note
In addition to generating an alert, information about
Master Database download failures and exceeded
subscription levels is logged in the Windows Event Viewer
(Windows only) and in the Websense.log file (Windows
and Linux).
Configuring category usage alerts
Websense software can notify you when Internet activity for particular URL
categories reaches a defined threshold. You can define alerts for permitted requests or
for blocked requests to the category.
For example, you might want to be alerted each time 50 requests for sites in the
Shopping category have been permitted to help decide whether to place restrictions on
that category. Or, you might want to receive an alert each time 100 requests for sites in
the Entertainment category have been blocked, to see whether users are adapting to a
new Internet use policy.
On the Settings tab, use the Alerts > Category Usage page to view the alerts that have
already been established, and to add or delete usage alert categories.
1. View the Permitted Category Usage Alerts and Blocked Category Usage
Alerts lists to learn which categories are configured for alerts, the threshold for
each, and the selected alert methods.
2. Click Add below the appropriate list to open the Add Category Usage Alerts page
(see Adding category usage alerts, page 320) and configure additional URL
categories for alerting.
3. Mark the check box for any categories you want to delete from its list, and then
click Delete below the appropriate list.
4. When you are finished, click OK to cache your changes and return to the
Category Usage page. Changes are not implemented until you click Save All.
Adding category usage alerts
The Add Category Usage Alerts page appears when you click Add on the Category
Usage page. Here, you can select new categories for usage alerts, establish the
threshold for these alerts, and select the alert methods.
Related topics:
Alerting, page 316
Flood control, page 317
Configuring general alert options, page 317
Adding category usage alerts, page 320
Related topics:
Alerting, page 316
Configuring general alert options, page 317
Configuring category usage alerts, page 320