Introducing the Log Database for web protection solutions

The Log Database stores the records of Internet activity handled by web protection components. Installation creates the Log Database with a catalog database and one database partition.

The catalog database (wslogdb70, by default) provides a single connection point for the various components that need to access the Log Database: dashboards, Log Server, presentation reports, and investigative reports. It contains supporting information for the database partitions, including the list of category names, risk class definitions, trend data, the mapping of users to groups, database jobs, and so forth. The catalog database also maintains a list of all the available database partitions.

Database partitions store the individual log records of Internet activity. There are 2 partition types:

  • The standard logging partition (wslogdb70_1, wslogdb70_2, etc.) stores information about all logged Internet requests. Information from the standard logging partition is used to populate investigative and presentation reports, as well as dashboard charts.
  • The threats partition (wslogdb70_amt_1) stores information about requests that have been assigned a severity level (see How severity is assigned to suspicious activity). Information from the threats partition is used to populate the Threats dashboard.

New standard logging partitions are created based on size or date interval. See Configuring database partition options for more information.

  • When partitions are based on size, all incoming log records are inserted into the most recent active partition that satisfies the size rule. When the partition reaches the designated maximum size, a new partition is created for inserting new log records.
  • When the partitions are based on date, new partitions are created according to the established cycle. For example, if the rollover option is monthly, a new partition is created as soon as any records are received for the new month. Incoming log records are inserted into the appropriate partition based on date.

Standard logging partitions provide flexibility and performance advantages. For example, you can generate reports from a single partition to limit the scope of data that must be analyzed to locate the requested information.
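To see which partitions currently exist and how large each one is, the following added example (not part of the product documentation or its tooling) lists the catalog database and its partitions by the default names described above. It assumes the Log Database is hosted on Microsoft SQL Server and uses the default `wslogdb70` prefix; the column aliases and role labels are illustrative.

```sql
-- Added example: inventory the Log Database catalog and partitions.
-- Assumptions: Microsoft SQL Server host, default name prefix wslogdb70.
-- In LIKE patterns "_" matches any single character, so it is written as [_]
-- to match a literal underscore and avoid picking up unrelated databases.
SELECT
    d.name AS database_name,
    CASE
        WHEN d.name = 'wslogdb70'                    THEN 'catalog'
        WHEN d.name LIKE 'wslogdb70[_]amt[_][0-9]%'  THEN 'threats partition'
        WHEN d.name LIKE 'wslogdb70[_][0-9]%'        THEN 'standard logging partition'
        ELSE 'unclassified'
    END AS role,
    d.create_date,
    d.state_desc,
    -- sys.master_files.size is counted in 8 KB pages; convert to MB.
    CAST(SUM(CASE WHEN f.type_desc = 'ROWS'
                  THEN CAST(f.size AS bigint) ELSE 0 END) * 8 / 1024.0
         AS decimal(18, 1)) AS data_mb,
    CAST(SUM(CASE WHEN f.type_desc = 'LOG'
                  THEN CAST(f.size AS bigint) ELSE 0 END) * 8 / 1024.0
         AS decimal(18, 1)) AS log_mb
FROM sys.databases AS d
JOIN sys.master_files AS f
    ON f.database_id = d.database_id
WHERE d.name = 'wslogdb70'
   OR d.name LIKE 'wslogdb70[_]%'
GROUP BY d.name, d.create_date, d.state_desc
ORDER BY d.create_date;
```

Rows reported as `unclassified` share the prefix but do not follow the partition naming shown on this page and are worth checking before they are relied on for reporting or retention decisions.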