Restarting Sentinel Containers

The following procedures describe how to restart a Sentinel Server process from the command line.

NOTE: During normal operations, you should not use these scripts. Instead, use the Servers View in the Admin tab of Sentinel Control Center.

Below are the names of the Sentinel Server processes that can be restarted using the procedure described below. The name must be used in the command line exactly as show below.

Name:

Description:

  • Correlation_Engine

Processes Correlation Rules.

  • Collector_Manager

Process raw event source data and sends events.

  • DAS_Aggregation

Calculates event data summaries that are used in reports.

  • DAS_Binary

Performs event database insertion.

  • DAS_iTRAC

Provides the server-side functionality for the Sentinel iTRAC functionality.

  • DAS_Proxy

Provides the server-side of the SSL proxy connection to Sentinel Server

  • DAS_Query

Performs general Sentinel Service operations including Login and Historical Query.

  • DAS_RT

Provides the server-side functionality for Active Views.

To restart a Sentinel Server process (Windows):

  1. Go to:

%ESEC_HOME%\bin

  1. Enter:

.\stop_container.bat <host machine> <process name>

For example:

.\stop_container.bat localhost DAS_RT

To restart a Sentinel Container (UNIX):

  1. Login as user Sentinel Administrator operating system user (default is esecadm).

  2. Go to:

$ESEC_HOME/bin

  1. Enter:

./stop_container.sh <host machine> <process name>

For example:

./stop_container.sh localhost DAS_RT