Additional reporting considerations

For information about version compatibility, see the Version Equivalencies Between Forcepoint DLP and EIP Infrastructure/Web/Email Components.

When you install web protection reporting components, you can configure how those components communicate with the Microsoft SQL Server database (Log Database). Port and encryption settings selected during installation can be changed after installation, if needed.

In addition, if you plan to deploy reporting components for a large or geographically distributed organization and need a single, centralized database for reporting, see Configuring distributed logging for configuration options.

Using a custom port to connect to the Log Database

During Forcepoint Management Infrastructure and Log Server installation, you can specify which port to use for Microsoft SQL Server communication. By default, the standard ODBC port (1433) is used.

If you want to use another port, keep in mind that SQL Server typically assigns:
  • A fixed port to the default instance (MSSQLSERVER)
  • A dynamic port to each named instance

Use the SQL Server Configuration Manager to configure the port used by each SQL Server instance. See your Microsoft documentation for assistance.

Using SSL to connect to the Log Database

During Forcepoint Management Infrastructure and Log Server installation, you are given the option to connect to Microsoft SQL Server using an SSL-encrypted connection.

In determining whether to configure reporting and management components to use SSL encryption for Log Database communication, keep in mind that:
  • BCP (bulk copy program) cannot be used to add records to the Log Database.
  • Log Database connections are slower, which may affect reporting performance.

Before enabling SSL encryption during web protection software installation, configure Microsoft SQL Server encryption settings.
  1. Launch SQL Server Configuration Manager.
  2. Right-click the SQL Native Client x.x Configuration entry used in your SQL Server installation, then select Properties.
    Two parameters are listed:
    • Force Protocol Encryption: The default setting (No) means that encrypted connections are accepted but not required. This setting is typically best for use with Forcepoint security solutions.

      If this is set to Yes, only encrypted connections are accepted.

    • Trust Server Certificate: The default setting (No) means that only certificates issued by a Certificate Authority (CA) are accepted for encrypting connections to the database. This requires that a CA-signed certificate be deployed to the SQL Server, Log Server, and management server machines before a secure connection can be used to connect to the database.

      When this parameter is set to Yes, self-signed SSL certificates may be used to encrypt the connection to the database. In this case, the certificate is generated by the SQL Server machine and shared by all components needing to connect to the database.

If you enable SSL encryption during installation while Force Protocol Encryption is set to Yes and Trust Server Certificate is set to No, CA-signed certificates must be installed on the management server and Log Server machines before the component installation will succeed.
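
To confirm after installation that reporting components really connect on the port and with the encryption described in the two sections above, the following query lists current TCP connections to the SQL Server instance with their port and encryption state. It is an added example, not part of the Forcepoint documentation; it uses the standard SQL Server views sys.dm_exec_connections and sys.dm_exec_sessions and assumes the account running it has VIEW SERVER STATE permission.

```sql
-- Added example: audit how clients are connected to the SQL Server instance
-- that hosts the Log Database. Run it on that instance.
SELECT
    s.host_name,                               -- client machine (Log Server, management server, ...)
    s.program_name,
    s.login_name,
    DB_NAME(s.database_id)  AS database_name,  -- compare against your Log Database name
    c.client_net_address,
    c.local_tcp_port,                          -- 1433 by default, or the custom port you configured
    CASE c.encrypt_option
        WHEN 'TRUE' THEN 'encrypted'
        ELSE 'NOT ENCRYPTED'
    END                     AS transport_state,
    COUNT(*)                AS connection_count
FROM sys.dm_exec_connections AS c
JOIN sys.dm_exec_sessions    AS s
    ON s.session_id = c.session_id
WHERE s.is_user_process = 1                    -- skip internal system sessions
  AND c.net_transport = 'TCP'                  -- skip shared memory, named pipes, MARS child sessions
GROUP BY
    s.host_name, s.program_name, s.login_name, s.database_id,
    c.client_net_address, c.local_tcp_port, c.encrypt_option
ORDER BY
    transport_state DESC,                      -- unencrypted connections sort first
    s.host_name;
```

Because the default Force Protocol Encryption setting (No) accepts unencrypted connections, a row reported as NOT ENCRYPTED for a Log Server or management server host identifies a component that is not using SSL.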

Configuring distributed logging

If you have a large or distributed environment that requires multiple Log Server instances, you can configure each Log Server to record data to a separate Log Database. If you do not need a central repository of reporting data that can be used to generate organization-wide reports, this may be the most efficient deployment option.

If, however, you need a single Log Database in order to store all reporting data in a central location, you have 2 options:
  • Configure all Log Server instances to independently record their data in the same Log Database.
  • Configure distributed Log Server instances to pass their data to a central Log Server, which then records all log records from all instances into the Log Database.

The first option does not require special configuration steps. You need only ensure that each Log Server instance points to the same database (both database engine IP address or hostname and database instance name).

The second option requires more planning and configuration detail, as outlined in the sections that follow.

Note that centralized log processing is not as fast as local logging. Expect a delay of 4 or 5 minutes before the files from remote Log Servers appear in the cache processing directory on the central Log Server.

Part 1: Prepare for centralized logging