Websense Triton DLP (Events and Classification Dat...

Ron_Naken · ‎12-17-2010

How can Splunk pull events and classification data from Websense Triton? It appears that the data is stored in a SQL database, but I don't see mention of an export tool, API, or other method to grab the data other than reverse-engineering their schema.

mhassan_splunk · ‎12-24-2016

try this custom logging config in WSG

%\" fw=% pri=6 proto=% duration=% sent=% rcvd=% src=% dst=% dstname=% user=% op=% arg=\"%\" result=% ref=\"%<{Referer}cqh>\" agent=\"%<{user-agent}cqh>\" cache=%"/>

bajaguy · ‎06-28-2011

How would you go about "bouncing" the logs to splunk?

mhassan · ‎03-24-2011

try custom log configuration on your WSG produce text log files. Then use syslog-ng v3 or Snare agent to bounce the logs to splunk (or centeral logging host)

araitz · ‎12-17-2010

You could use a database trigger to dump rows to a file on insert or some other condition, but I don't think you will be able to even do that without understanding the schema.

Websense Triton DLP (Events and Classification Data)

Splunk MCP & Agentic AI: Machine Data Without Limits

Finding Based Detections General Availability

Get Your Hands Dirty (and Your Shoes Comfy): The Splunk Experience

Join the Conversation

Websense Triton DLP (Events and Classification Data)

Splunk MCP & Agentic AI: Machine Data Without Limits

Finding Based Detections General Availability

Get Your Hands Dirty (and Your Shoes Comfy): The Splunk Experience