Install Email Log Server

Forcepoint Email Security is an appliance-based solution. All components run on the appliance except the Email Security module of Forcepoint Security Manager and Email Log Server. These are the only two Forcepoint Email Security components that may be installed using the Forcepoint installer.

  • Forcepoint Email Security cannot be run on the same appliance as Forcepoint Security Solutions.
  • It is recommended that you install Email Log Server on a different machine from the Forcepoint management server.

To install the Windows-based Forcepoint Email Security components:

Steps

  1. Download and launch the Forcepoint installer on the Log Server machine.
  2. Choose the Custom installation type.
  3. On the Custom Installation dashboard, click the Install link for Forcepoint Email Security.
    The Email component installer is launched.
  4. On the Introduction screen, click Next.
    The Forcepoint Email Security Installer does not detect Forcepoint Management Infrastructure on the machine, and operates in custom mode.
  5. In the Select Components screen, Email Log Server is selected for installation by default. To install Email Log Server, SQL Server must already be installed and running in your network.
    If you choose to install Email Log Server, the Email Log Server Configuration utility is also installed. This utility can be accessed from the Forcepoint folder in the Start menu.
  6. On the Email Log Database screen, specify the location of a database engine and how you want to connect to it.
    • Log Database IP: Enter the IP address of the database engine machine. If you want to use a named database instance, enter it in the form <IP address>\<instance name>. The instance must already exist. See your SQL Server documentation for instructions on creating instances.
    • You may specify whether the connection to the database should be encrypted. Please note the following issues associated with using this encryption feature:
      • By default, Email Log Server uses NTLMv2 to encrypt the connection.

        If you want to use SSL encryption, you must have imported a trusted certificate to the Log Server machine. See your database documentation for information about importing a trusted certificate.

      • The Bulk Copy Program (BCP) option for inserting records into the Log Database in batches cannot be used. Not using the batch method may affect Log Database performance.
      • The connection from the Email Security module in Forcepoint Security Manager to the Forcepoint appliance cannot be encrypted. If you enable encryption for Log Database, you must disable the SQL Server force encryption feature.
    • Database login type: Select how Email Log Server should connect to the database engine.
      • Trusted connection: connect using a Windows trusted connection.
      • Database account: connect using a SQL Server account.

      Then enter a user name and password.

      • If using a trusted connection, enter the domain\username of the account to be used. This account must be a trusted local administrator on the database engine machine.
      • If using a database account, enter the name of a SQL Server account. This account must have certain roles assigned; see Installing with SQL Server.

    When you click Next, connection to the database engine is verified. If the connection test is successful, the next installer screen appears.

  7. On the Email Log Database File Location screen, specify where the email Log Database files should be located and then click Next.

    It is a best practice to use the default location. However, if you want to create the Log Database in a different location (or if you already have a Log Database in a different location), enter the path to the database files.

    The path entered here is understood to refer to the machine on which the database engine is located. The path entered must specify a directory that already exists.

    If any email components (e.g., the Email Security module in Forcepoint Security Manager or another instance of Email Log Server) have already been installed in your deployment, the following message appears:

    The Email Log database exists, do you want to remove it?

    This occurs because the database was created upon installation of the other email components. Click No to continue using the existing database. In general, you should keep the database if you are sure the database was created only during the course of installing other components in your current deployment.

    Clicking Yes removes the database.

    Warning:

    If any Forcepoint Email Security log data has been written to the database it will be lost if you remove the database. If you want to keep this data, back up the esglogdb76 and esglogdb76_n databases. See your SQL Server documentation for backup instructions.

    If you remove the database, any currently quarantined email will no longer be accessible.

  8. On the Installation Folder screen, specify the location to which you want to install Email Log Server and then click Next.
    Important: The full installation path must use only ASCII characters. Do not use extended ASCII or double-byte characters.

    To select a location different than the default, use the Browse button.

    Email Log Server will be installed in its own folder under the parent folder you specify here.

  9. On the Pre-Installation Summary screen, review the components to be installed. If they are correct, click Install.
    The Installing Forcepoint Email Protection Solutions screen appears, as components are being installed.
  10. Wait until the Installation Complete screen appears, and then click Done.