We have WebSense 7.7.3 running on Windows Server 2008 R2 (64bit), Network Agent on a separate Windows Server 2008 R2 (64bit).
In Real Time Monitor and in reports, only HTTP traffic is logged.
Network Agent running on separate server, and set to generate debug log, and is seeing all traffic (HTTP, HTTPS, POP3 etc.), and able to block HTTPS when policy changed to block it. Have reinstalled Network Agent, and install checks it can connect to services on the main server OK.
Juniper SSG-140 configured to send HTTP/HTTPS requests to websense (but only blocks HTTP as per standard config).
Default policy set so all protocols are logged.
For a few days this was working fine, reports and real time monitor listed POP3, HTTPS and HTTP traffic. Then we had our scheduled Microsoft patch updates which included reboots of all servers, and now we only see HTTP traffic in Real Time Monitor and in reports. All websense services running, have rebooted both servers. Options in websense web interface for network agent are set correct to log all traffic.
Used the testlogserver, and it's only displaying HTTP traffic (with a log source of enhanced log). If I stop the network agent service, then testlogserver displays HTTP and HTTPS traffic (with a log source of integrated).
Any ideas on what we need to check? Seems something is wrong with the filtering service?
Network Agent debug log indicates it's logging all traffic. Example of HTTPS:
[03/15/2013 02:59:04.633] (4008): LogRequest:
Time: Fri Mar 15 02:58:05 2013
EnhancedLog: 0
Proto ID: 11
Url: HTTPS://74.125.237.18:443
Source: 10.0.0.85
Port: 443
DescriptionCode: 1026
StatusCode: 0
Category: 76
BytesReceived: 0
BytesSent: 60
Duration: 59
Periodic: 0