I recently had to troubleshoot a problem with a client going through Websense as a proxy and trying to gain access to a site. The site has at https://somesite.com:11001. Every time I would go to the site I would just get a “Page could not be displayed”. I then wen through and started troubleshooting from the Websense side and couldn’t see anything in the interface itself, so I went to the log server and then stopped the logging service and ran it from the commandline with just the client I was testing with. However this didn’t even show that there was a hit from the client. I then had to go to the next level and troubleshoot with a packet capture and Wireshark. Once I was able to capture the traffic I could see that Websense was returning an error that the browser wouldn’t display. The issue came down to using https on port 11001 which wasn’t allowed in the Content Gateway on the Websense appliance. Once I added that I was able to browse successfully to the site and have it show up in the log server.
So below I have summarized the steps for someone else needing to do this type of troubleshooting.
How to use the Websense testlogserver to troubleshoot problems and limit the information that is seen:
- Log into the logging server
- Stop the “Websense Log Server” service
- Go into the c:program files (x86)WebsenseWeb Securitybin folder and run the testlogserver.exe -onlyip (ip address you want to see)
- You can now surf the site from that machine and see what errors are showing up in the log server to help determine the problem.
- If you need to go to another level then run a packet capture from the machine using Websense as an explicit proxy in your browser. You can then limit the capture to just the Websense IP.
- Once you have gone to the site you can then look at the packet capture and search for “http contains (site you are going to)”.
- You should be able to then decode the http stream and see all of the headers and information returned. This should help you in troubleshooting the issue.