Log Server has not received log files from Filtering Service

Log Server receives Internet usage information from Filtering Service and stores it in the Log Database. Log Server forwards files to Cloud App Service for processing. If Log Server is not receiving files from Filtering Service, no data is being logged, recent data is not displayed on the Status > Dashboard page, and you cannot generate Internet usage reports that include recent data.

Log Server may not be receiving files from Filtering Service if:

  • Filtering Service is not running.

    See Filtering Service is not running for information about addressing this issue.

  • The two services are not able to communicate across the network.
    • Verify that there have been no recent changes to firewall rules that might affect traffic between the machines on port 55805 (default), or the custom port your organization uses.
    • Use a utility like telnet or ping to verify that the machines can communicate.
    • Verify that the Log Server IP address and port (55805, by default) is correct on the Web > Settings > General > Logging page in the Forcepoint Security Manager.

      If the loopback address (127.0.0.1) or “localhost” is shown, enter the actual IP address of the Log Server machine.

    • Use the Check Status button on the Settings > General > Logging page to verify that it is possible to connect to Log Server.

      If the status check fails:

      1. Verify there is no firewall blocking the port.
      2. Run the following command on the Log Server machine to verify that Log Server is listening on the port:

        netstat -ban > port.txt

  • Content Gateway, Network Agent, or a third-party integration product is not configured properly and not receiving Internet traffic.
    • See Network Agent issues and Configure Network Agent for information about addressing Network Agent configuration issues.
    • See the Content Gateway Online Help for information about addressing Content Gateway configuration issues.
    • See the Deployment and Installation Center and your vendor’s documentation for information about other supported integrations.
  • There is not sufficient disk space for Log Server to create new cache files.

    See Low disk space on the Log Server machine for more information about addressing this issue.

  • Filtering Service is associated with a Policy Server that is not configured for logging or is sending logs to TestLogServer.

    See No Log Server is installed for a Policy Server and Configuring how requests are logged for more information about addressing this issue.

  • Files cannot be written to the cache or BCP folders.

    Verify that the path defined for ODBC cache files or BCP files on the Settings > Reporting > Log Server page is correct, and that the account used to run Log Server has permissions to write to the path.

  • Log Server did not install properly.

    Use the following steps to verify that the Log Server service is registered properly with the Windows operating system:

    1. Use the Windows Services tool to stop the Websense Log Server service.
    2. Open a command prompt (Run > cmd) and navigate to the bin directory (C:\Program Files\Websense\Web Security\bin, by default).
    3. Enter the following command.

      LogServer -c

      • If no errors display, the service is registered correctly.
      • If errors display, continue with the next step.
    4. To remove the Log Server service, enter:

      LogServer -u

    5. To register the executable, enter:

      LogServer -i

    6. Once again, enter the following command. Verify that no errors appear.

      LogServer -c

If none of the items above addresses your issue:

  • Verify that the Log Server executable version matches the installed product version. To find the Log Server version:
    1. Open a Windows command prompt on the Log Server machine.
    2. Navigate to the bin directory (C:\Program Files\Websense\Web Security\bin, by default).
    3. Enter the command:

      LogServer -v

    This should match the version shown on the Help > About... page in the Forcepoint Security Manager.

  • Occasionally, the Filtering Service on an appliance does not restart as expected after a settings change. If the Filtering Service on an appliance stops running, see the Appliances CLI Guide for information about restarting Filtering Service.
  • If Log Server stops running immediately after restarting and the runtime error “C error (Visual C Runtime Error)” displays, delete the LogServer.state file located in the Log Server Cache folder (C:\Program Files\Websense\Web Security\bin\Cache, by default) and restart the Websense Log Server service.
  • If you are using TestLogServer, verify that the tool is set up to forward log data to Log Server.

    See support.forcepoint.com for detailed information about TestLogServer.