Websense Triton DLP (Events and Classification Dat...

Ron_Naken · ‎12-17-2010

How can Splunk pull events and classification data from Websense Triton? It appears that the data is stored in a SQL database, but I don't see mention of an export tool, API, or other method to grab the data other than reverse-engineering their schema.

mhassan_splunk · ‎12-24-2016

try this custom logging config in WSG

%\" fw=% pri=6 proto=% duration=% sent=% rcvd=% src=% dst=% dstname=% user=% op=% arg=\"%\" result=% ref=\"%<{Referer}cqh>\" agent=\"%<{user-agent}cqh>\" cache=%"/>

bajaguy · ‎06-28-2011

How would you go about "bouncing" the logs to splunk?

mhassan · ‎03-24-2011

try custom log configuration on your WSG produce text log files. Then use syslog-ng v3 or Snare agent to bounce the logs to splunk (or centeral logging host)

araitz · ‎12-17-2010

You could use a database trigger to dump rows to a file on insert or some other condition, but I don't think you will be able to even do that without understanding the schema.

Websense Triton DLP (Events and Classification Data)

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

Join the Conversation