Monday, June 25, 2007

WebSense testlogserver -onlyip 10.160.10.131



We will investigate why Websense is blocking a URL even though that URL is not in any of the Websense denied lists.

Problem: WebSense is blocking the URL http://www.dogoodgiveblood.org/, which is not supposed to be blocked, and we are asked to figure out why.

Troubleshooting steps:

Log in to the Websense server and open Websense Enterprise manager. Click on Server, Settings, then click on logging/Events.

For the Log Server, point it to the server itself if it is not already set that way. We do this to run a test that shows why Websense is blocking this URL.

Now let's take a look at two services on the Websense servers

Websense Filtering Service

Filters and logs Internet and protocol traffic.

C:\Program Files\Websense\bin\EIMServer.exe -scm


Now change to this directory on your Websense server from a DOS command prompt:

C:\Program Files\Websense\bin>

In the bin directory we will run the executable called "testlogserver" with the switch -onlyip, as below:

C:\Program Files\Websense\bin>testlogserver -onlyip 10.160.10.131

The IP address in this example belongs to the workstation where I will open an internet browser and go to the URL in this example (http://www.dogoodgiveblood.org/).

I am basically telling Websense: if you see any traffic generated from this IP, capture it.

As soon as I hit the above website, I capture the data below on the DOS screen:

Using version 3

time=Fri Jun 22 17:33:49 2007 version=3

server=10.248.2.1 source=10.162.18.131 dest=74.8.102.106

protocol= "http"

url= "http://www.dogoodgiveblood.org/"

port= "80"

category= 14 (GAMES)

disposition= 1025 (CATEGORY BLOCKED)

app type= ""

keyword= ""

user= "LDAP://10.160.9.86 OU=Mail Test,OU=Service Accounts,OU=NHQ Region

DC=archq,DC=ri,DC=redcross,DC=net/smtp25"

bytes sent=0 bytes received=0 duration=0


As you can see, Websense is making a mistake and categorizing this URL as a game site. If you are asking why, which I asked WebSense support, they said they make mistakes from time to time. This is why there is a recategorize option in the WebSense application server, which lets you recategorize this URL correctly (adding it to an allowed category).

Best

Oz ozugurlu
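
Added example, not part of the original post and not Websense code: a small Python parser for the testlogserver capture shown above, which returns the source, URL and category of every blocked request so a miscategorized site stands out. It assumes the field names seen in that capture and treats any disposition label containing BLOCKED as a block; the names parse_records and blocked are hypothetical, and the sample is the post's capture, abridged.

```python
import re

# Field names as they appear in the testlogserver capture in this post.
KEYS = ("time", "version", "server", "source", "dest", "protocol", "url",
        "port", "category", "disposition", "app type", "keyword", "user",
        "bytes sent", "bytes received", "duration")
_KEY = "(?:" + "|".join(re.escape(k) for k in KEYS) + ")"
# key=value, where the value is a quoted string (it may wrap onto later lines
# and contain '=' itself) or bare text running up to the next key on the line.
FIELD = re.compile(
    r'(?<!\w)(?P<key>' + _KEY + r')[ \t]*=[ \t]*'
    r'(?:"(?P<quoted>[^"]*)"'
    r'|(?P<bare>[^\n"]*?)(?=[ \t]+' + _KEY + r'[ \t]*=|[ \t]*$))', re.M)
CODED = re.compile(r'(\d+)\s*\((.*)\)$')  # e.g. 1025 (CATEGORY BLOCKED)

def parse_records(text):
    """Return one dict per record; a new record starts at each time= field."""
    records = []
    for m in FIELD.finditer(text):
        key, quoted = m.group("key"), m.group("quoted")
        raw = quoted if quoted is not None else m.group("bare")
        value = " ".join(raw.split())   # a wrapped value is joined with spaces
        coded = CODED.match(value)
        if coded and quoted is None:    # split a numeric code from its label
            value = (int(coded.group(1)), coded.group(2))
        if key == "time" or not records:
            records.append({})
        records[-1][key] = value
    return records

def blocked(records):
    """(source, url, category) for each record whose disposition is a block."""
    return [(r.get("source"), r.get("url"), r.get("category")) for r in records
            if isinstance(r.get("disposition"), tuple)
            and "BLOCKED" in r["disposition"][1]]

# Constructed sample: abridged from the capture in this post, blank lines removed.
SAMPLE = '''time=Fri Jun 22 17:33:49 2007 version=3
server=10.248.2.1 source=10.162.18.131 dest=74.8.102.106
url= "http://www.dogoodgiveblood.org/"
category= 14 (GAMES)
disposition= 1025 (CATEGORY BLOCKED)
user= "LDAP://10.160.9.86 OU=Mail Test,OU=Service Accounts,OU=NHQ Region
DC=archq,DC=ri,DC=redcross,DC=net/smtp25"
bytes sent=0 bytes received=0 duration=0
'''

if __name__ == "__main__":
    print(blocked(parse_records(SAMPLE)))
```

The quoted user value is the case to watch: it wraps onto a second line and contains "=" characters, so a line-by-line key=value split would misread the DC=... continuation as new fields.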

