Installing Platform Agent for Sentinel
On Linux and Solaris, Platform Agent for Sentinel is installed as a plain RPM package. Windows is different: there is no installer for the Platform Agent for Sentinel. Instead, a zip file is provided for Windows platforms, and the ReadMe file inside that zip explains how and where the Platform Agent for Sentinel files should be copied.
RPM Names are as follows:
Linux/Solaris Platform Agent for Sentinel
32-bit novell-Sentinelplatformagent-x.x.x-x.i586.rpm
64-bit novell-Sentinelplatformagent-x.x.x-x.x86_64.rpm
Configurable options with Platform Agent for Sentinel
This section explains the configurable options of the new Platform Agent (Platform Agent for Sentinel). First, note that Platform Agent for Sentinel does not push data/events to the server; it writes events to a local log file, so there is no need to specify the server's host name or IP address. However, there are many configurable options that let the user filter events, specify the log file name, and so on.
Each logging application has an associated property file that holds all the Platform Agent for Sentinel configurable options. For example, if eDirectory is the logging application, there will be a property file named eDirInst.properties in the /etc/opt/novell/sentinelpa/conf folder on Linux and Solaris, and in C:\Novell\sentinelpa\conf on Windows. The property file should be named logging_application_name.properties.
Below is a sample properties file (eDirectory):
    # Set root logger level to ALL and its only appender to A1.
    log4j.rootLogger=ALL, A1
    log4j.appender.A1=org.apache.log4j.RollingFileAppender
    log4j.appender.A1.file = /var/opt/novell/naudit/eDirInst.log.test
    # Every time truncates the file if it is false
    log4j.appender.A1.append = true
    # Size of the file
    log4j.appender.A1.MaxFileSize=50MB
    # Number of back up files
    log4j.appender.A1.MaxBackupIndex=5
    # A1 uses PatternLayout.
    log4j.appender.A1.layout=org.apache.log4j.PatternLayout
    log4j.appender.A1.layout.ConversionPattern= %m%n
    # log4j.logger=ON
    log4j.logger.000B0405=ALL
Let us take each configurable option from the property file and see what it is for.
- log4j.rootLogger
  Possible values are ALL or OFF. When log4j.rootLogger is set to ALL, all events are logged; when it is set to OFF, no events are logged.
- log4j.appender.A1
  This is not a configurable option, so don’t touch it.
- log4j.appender.A1.file
  This is a configurable option. Use it to give the log file name with its full path.
- log4j.appender.A1.append
  This takes two values, TRUE and FALSE. If it is set to TRUE, incoming events are appended to the existing file; if it is set to FALSE, the file is truncated every time.
- log4j.appender.A1.MaxFileSize
  This is a configurable option that specifies the size of the log file. The file size can be given in KBs, MBs or GBs.
- log4j.appender.A1.MaxBackupIndex
  This configurable option specifies the number of backup files. Please note that the maximum number of files allowed here is 13.
- log4j.appender.A1.layout=org.apache.log4j.PatternLayout
- log4j.appender.A1.layout.ConversionPattern= %m%n
  These two options are not configurable, so don’t touch them.
- log4j.logger.000B0405=ALL
  This is a very important configurable option. It lets you filter events at the Platform Agent level. You configure two things in it: the Event ID and the logging option. The logging option takes two values, ALL and OFF. If the logging option for the given Event ID is set to ALL, all incoming events with that Event ID are logged (written to the log file). If it is set to OFF, all incoming events with that Event ID are dropped, so none of them are logged.
  Example:
    log4j.logger.000B0405=ALL
    log4j.logger.000B0405=OFF
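A check that follows from the options described above, as an added example (not Novell's code and not part of the original article): a small Python audit of a Platform Agent properties file that flags values outside the limits stated here and lists the event IDs set to OFF, since those events never reach the log file that Sentinel reads. The `audit` function and the sample content are constructed for illustration, and the code assumes that `#` starts a comment only at the beginning of a line, as in standard Java properties files.

```python
import re

# Options the page marks as not configurable, with the values from its sample.
FIXED = {
    "log4j.appender.A1": "org.apache.log4j.RollingFileAppender",
    "log4j.appender.A1.layout": "org.apache.log4j.PatternLayout",
    "log4j.appender.A1.layout.ConversionPattern": "%m%n",
}
# Value formats the page describes; 13 is its stated MaxBackupIndex limit.
RULES = {
    "log4j.appender.A1.append": lambda v: v.upper() in ("TRUE", "FALSE"),
    "log4j.appender.A1.MaxFileSize": lambda v: bool(re.fullmatch(r"\d+(KB|MB|GB)", v)),
    "log4j.appender.A1.MaxBackupIndex": lambda v: v.isdigit() and int(v) <= 13,
}
# Constructed sample based on the page's eDirectory file, with three things to report.
SAMPLE = """\
log4j.rootLogger=ALL, A1
log4j.appender.A1=org.apache.log4j.RollingFileAppender
log4j.appender.A1.file=/var/opt/novell/naudit/eDirInst.log.test
log4j.appender.A1.MaxFileSize=50MB # Size of the file
log4j.appender.A1.MaxBackupIndex=20
log4j.appender.A1.layout.ConversionPattern= %m%n
log4j.logger.000B0405=OFF
"""

def audit(text):
    """Return (findings, suppressed): bad settings and event IDs set to OFF."""
    findings, suppressed, props = [], [], {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and not key.startswith("#"):
            props[key.strip()] = value.strip()
    for key, value in props.items():
        if "#" in value:  # assumed: '#' opens a comment only at line start
            findings.append(f"{key}: inline comment may be read as part of the value")
        elif key in FIXED and value != FIXED[key]:
            findings.append(f"{key}: non-configurable option was changed")
        elif key in RULES and not RULES[key](value):
            findings.append(f"{key}: invalid value {value!r}")
        elif key == "log4j.rootLogger" or key.startswith("log4j.logger."):
            level = value.split(",")[0].strip()  # rootLogger is "<level>, A1"
            if level == "OFF":
                suppressed.append(key.rsplit(".", 1)[1])
            elif level != "ALL":
                findings.append(f"{key}: expected ALL or OFF, got {level!r}")
    return findings, suppressed

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A `rootLogger` entry in the suppressed list means the root logger itself is OFF, so nothing is written for that logging application.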
Please note that since Platform Agent for Sentinel does not push events/data to Sentinel, Sentinel has to read them from the client machine. This can be achieved by installing Collector Manager on the client machine where you have installed Platform Agent for Sentinel. While configuring collectors/connectors for reading events from the Platform Agent for Sentinel, you have to select the JSON connection mode.