Web visits, consolidation, and full URL logging
Forcepoint Web Security and Forcepoint URL Filtering use proprietary algorithms to reduce the volume of log data in order to achieve a balance between visibility into users’ web browsing activity and the size and performance of the Log Database.
- When you enable visits, Log Server combines the individual elements that create a web page (such as graphics and advertisements) into a single log record that includes bandwidth information for all elements of the visit.
  When this option is disabled, you instead log hits. In this case, a separate log record is created for each HTTP request generated to display different page elements, including graphics, advertisements, embedded videos, and so on. This creates a much larger Log Database that grows rapidly.
  Disabling visits can increase the total amount of data stored in the Log Database by a factor of 2.5.
- To further reduce the size of the database, enable log record consolidation. This combines multiple, similar Internet requests into a single log record, reducing the granularity of reporting data.
- By default, web protection products log only the URL hostname for each request, instead of the full URL. Storing the full URLs provides more visibility into where users are going within a particular website, but increases the Log Database storage demands.
  Enabling full URL logging can increase the size of each record by 50%.
For information about more ways to either reduce the size of the Log Database or increase the amount of data recorded, refer to: Log Database sizing guidance.