Flex Connector Websense WSG 7.5 full logs

1 Likes

ID-Based Database Flex connector to consume Websense logs from a MS SQL Server database

Notes:

  • The database account that you run the connector with must have db_datareader on all partitions of the websense database.  Default name is wslogdb70.  Partitions are wslogdb70_1, and so on.
  • The database account must have execute rights on the dbo.inttoip function

Updated 10/17/2011:

* Now puts full category instead of just parent category for site category

* Fixed issue where arcSight was doing reverse DNS lookup up destination IP  instead of using destination url.

Comment List
Anonymous
Parents
  • Hi we have 2 websense manager and both are storing the logs in 2 different sql DB. I can able to pull the logs using a flex connector from one DB, But from the other DB we are facing issues.

    Error in wrapper is

    INFO   | jvm 7| 2013/06/18 17:27:39 | [Tue Jun 18 17:27:39 IST 2013] [WARN ] Cache files were found for cache [3ieIHVz8BABDLKfW+HrWtXA==.m1] but the cache size is missing or is negative. Scanning Cache now, this may take a while...(to avoid this step and use the cache size [0] set the property [eventcache.scanforsize] to 'false')INFO   | jvm 7| 2013/06/18 17:27:39 | [Tue Jun 18 17:27:39 IST 2013] [INFO ] Cache size [0]. Scanned in [0] ms.INFO   | jvm 7| 2013/06/18 17:27:39 | [Tue Jun 18 17:27:39 IST 2013] [INFO ] HTTP Compression enabled.INFO   | jvm 7| 2013/06/18 17:27:39 | [Tue Jun 18 17:27:39 IST 2013] [INFO ] Database version [1.0] detected.INFO   | jvm 7| 2013/06/18 17:27:39 | [Tue Jun 18 17:27:39 IST 2013] [INFO ] Querying the database [jdbc:odbc:websense] to find out last id written

    and error in agent.log is

    [2013-06-18 16:57:12,349][INFO ][default.com.arcsight.agent.loadable.flexagent._FlexIdBasedDatabaseAgent][detectDatabaseVersion] Database version [1.0] detected.

    [2013-06-18 16:57:12,365][WARN ][default.com.arcsight.agent.xb.d][load] Neither [ps.FAD670E0FA72EDBB7F60C1974E66EFEE9989AA7E.3ieIHVz8BABDLKfW+HrWtXA==.0] nor [ps.FAD670E0FA72EDBB7F60C1974E66EFEE9989AA7E.3ieIHVz8BABDLKfW+HrWtXA==.1] exist. Unable to load persisted value

    [2013-06-18 16:57:12,365][INFO ][default.com.arcsight.agent.loadable.flexagent._FlexIdBasedDatabaseAgent][getLastRecordId] Querying the database [jdbc:odbc:websense] to find out last id written

    [2013-06-18 16:57:12,412][INFO ][default.com.arcsight.agent.loadable.flexagent._FlexIdBasedDatabaseAgent][getConnection] Current password set as original one for [jdbc:odbc:websense]

    Please help us to fix this.


Comment
  • Hi we have 2 websense manager and both are storing the logs in 2 different sql DB. I can able to pull the logs using a flex connector from one DB, But from the other DB we are facing issues.

    Error in wrapper is

    INFO   | jvm 7| 2013/06/18 17:27:39 | [Tue Jun 18 17:27:39 IST 2013] [WARN ] Cache files were found for cache [3ieIHVz8BABDLKfW+HrWtXA==.m1] but the cache size is missing or is negative. Scanning Cache now, this may take a while...(to avoid this step and use the cache size [0] set the property [eventcache.scanforsize] to 'false')INFO   | jvm 7| 2013/06/18 17:27:39 | [Tue Jun 18 17:27:39 IST 2013] [INFO ] Cache size [0]. Scanned in [0] ms.INFO   | jvm 7| 2013/06/18 17:27:39 | [Tue Jun 18 17:27:39 IST 2013] [INFO ] HTTP Compression enabled.INFO   | jvm 7| 2013/06/18 17:27:39 | [Tue Jun 18 17:27:39 IST 2013] [INFO ] Database version [1.0] detected.INFO   | jvm 7| 2013/06/18 17:27:39 | [Tue Jun 18 17:27:39 IST 2013] [INFO ] Querying the database [jdbc:odbc:websense] to find out last id written

    and error in agent.log is

    [2013-06-18 16:57:12,349][INFO ][default.com.arcsight.agent.loadable.flexagent._FlexIdBasedDatabaseAgent][detectDatabaseVersion] Database version [1.0] detected.

    [2013-06-18 16:57:12,365][WARN ][default.com.arcsight.agent.xb.d][load] Neither [ps.FAD670E0FA72EDBB7F60C1974E66EFEE9989AA7E.3ieIHVz8BABDLKfW+HrWtXA==.0] nor [ps.FAD670E0FA72EDBB7F60C1974E66EFEE9989AA7E.3ieIHVz8BABDLKfW+HrWtXA==.1] exist. Unable to load persisted value

    [2013-06-18 16:57:12,365][INFO ][default.com.arcsight.agent.loadable.flexagent._FlexIdBasedDatabaseAgent][getLastRecordId] Querying the database [jdbc:odbc:websense] to find out last id written

    [2013-06-18 16:57:12,412][INFO ][default.com.arcsight.agent.loadable.flexagent._FlexIdBasedDatabaseAgent][getConnection] Current password set as original one for [jdbc:odbc:websense]

    Please help us to fix this.


Children
No Data
Related Discussions
Recommended