Running TestLogServer

Before you begin

In order to screen log traffic with TestLogServer without interrupting the flow of log records to Log Server, first launch the utility using parameters that forward all traffic to Log Server, then use the Forcepoint Web Security module of the Forcepoint Security Manager to configure Filtering Service to pass log traffic to TestLogServer.

Steps

  1. On the Log Server machine, open a command prompt or PowerShell and navigate to the bin directory (C:\Program Files\Websense\Web Security\bin, by default).
  2. Start the TestLogServer utility with the following parameters. (For a complete list of available parameters, see TestLogServer parameters)
    testlogserver -port 5555 -forward <IP address>:55805
    • Provide the IP address of the Log Server machine. If port 5555 is in use, you can use any available port.
    • If you are running TestLogServer in a production environment at a time of normal or higher traffic loads, you may want to use one or both of the following additional parameters:

      -file <filename.txt>
      -onlyip <IP address>

      The first parameter allows you to redirect traffic to a file for review, rather than having it scroll rapidly across the console. The file is created by default in the bin directory.

      The second parameter allows you to monitor traffic only from the IP address specified.

    Initially, when the utility launches, no traffic appears. Traffic must still be redirected to TestLogServer, as described in the steps that follow.

  3. Log on to the Security Manager and navigate to the Web > Settings > General > Logging page.
  4. Make sure that the Log Server IP address is correct. This should be the actual IP address of the Log Server machine, and not the loopback address (127.0.0.1), even if Log Server and Security Manager are installed on the same machine.
  5. Change the port to 5555 (or the value you’ve selected).
  6. Click Check Status to verify the connection to TestLogServer.
  7. Click OK and then Save and Deploy.
  8. Review the captured data. See Understanding TestLogServer output, for help in parsing the data.
    • If you are in a test environment, or performing this test at a low-traffic period, generate traffic from specific machines while monitoring TestLogServer to verify that the traffic appears.
    • If you are using the tool in a production environment while normal traffic flow is occurring, and the data is coming too rapidly to process, review step 2 for options for redirecting output or capturing traffic only for a specific machine.
  9. When you are finished, first return to the Settings > General > Logging page, and change the logging port back to its original value (55805, by default). Remember to click OK and Save and Deploy to cache and then implement your change.
    At this point, traffic is sent directly to Log Server and stops appearing in TestLogServer.
  10. In the command window where TestLogServer is running, press Ctrl+C to stop the utility.