Novell® Sentinel™ 6.1 Rapid Deployment (RD) is a new packaging option for the Novell market-leading Sentinel Security Information and Event Management solution. Ideal for smaller organizations or regional installations, Sentinel 6.1 Rapid Deployment provides full Sentinel functionality in a single-box package based on SUSE® Linux. Sentinel 6.1 Rapid Deployment uses PostgreSQL* for the database, ActiveMQ* for messaging, and JasperReports* for reporting.
The new features of Sentinel 6.1 Rapid Deployment are as follows:
The major difference between Sentinel 6.1 Rapid Deployment and previous versions of Sentinel is the introduction of an embedded Sentinel database, based on the open source PostgreSQL database engine. The new database is installed and configured automatically during the Sentinel 6.1 Rapid Deployment installation, without the necessity of managing an external database. If you prefer to leverage an existing database investment, continue using the existing Sentinel 6.1 product.
Sentinel 6.1 Rapid Deployment introduces a new, streamlined reporting system to replace Crystal Reports* . This new reporting system is an integral part of Sentinel and allows you to easily run predefined reports or custom reports developed by using the JasperReports open source reporting engine.
In Sentinel 6.1 Rapid Deployment, installation is fast and easy with the single machine installer.You just need to provide a Sentinel password, a database password, and an optional set of credentials for the Sentinel Advisor service. The embedded database, reporting engine, and Web console are all included in the package and are installed and configured automatically, allowing you to deploy and begin using the product very quickly and with a minimum amount of effort.
A new Web-based search tool allows users to quickly search for strings and patterns within the Sentinel event database. Users can search for text in a specific Sentinel event field, or across all fields. Data within the search results is hyperlinked to narrow the search results with a single click.
The Web console used for Sentinel 6.1 Rapid Deployment reporting and full text search also includes the option to launch or install the Sentinel client applications. You can now launch the Sentinel Control Center, Sentinel Solution Designer, and Sentinel Data Manager from a Web browser without the need to install these client applications locally. The Web console also includes the option to install the client applications and the Sentinel Collector Manager without the need to manually retrieve the installation package. Ensure that you have JRE* 1.6 installed on your machine so you can use a Web-based application launch.
Table 1 Software and Operating System Combinations
Mozilla* Firefox* 2.x
Mozilla Firefox 3.x
Internet Explorer* 8.x
For details on installing Novell Sentinel 6.1 Rapid Deployment, refer to Installing Sentinel 6.1 Rapid Deployment
in the Sentinel 6.1 Rapid Deployment Installation Guide.
Use the Help menu in the Sentinel Control Center to access the latest online User documentation for Sentinel 6.1 Rapid Deployment. If you are working in a secure environment where direct Internet access is denied, use the online download option to save the files to the Sentinel 6.1 Rapid Deployment server. You can view the help files by using any Web browser.
To download the Online Help:
Open the Sentinel 6.1 Rapid Deployment Online Documentation Website.
Click zip in the Online Help section, then save the sentinel61rd_help.zip file to your local machine.
Do the following to copy the sentinel61rd_help.zip to <Install_Directory>/3rdparty/tomcat/webapps/ROOT/novellsiemdownloads/help and extract the files:
cp sentinel61rd_help.zip <Install_Directory>/3rdparty/tomcat/webapps/ROOT/novellsiemdownloads/help
cd <Install_Directory>/3rdparty/tomcat/webapps/ROOT/novellsiemdownloads/help
unzip sentinel61rd_help.zip
IMPORTANT:You cannot access the help files by using the option in the Sentinel Control Center unless you extract the sentinel61rd_help.zip file to the specified location.
Perform any of the following to view the help files:
In the Sentinel Control Center, click .
Open the <Install_Directory>/3rdparty/tomcat/webapps/ROOT/novellsiemdownloads/help/sentinel61rd_help/help/s61rd_user/Index.html file.
The Index.html file lists the topics in the navigation pane. Click the desired topic to open the help page for that topic. You can also use the and navigation buttons given in each page to view the pages.
NOTE:If you download and save the help files to the specified location on the Sentinel 6.1 Rapid Deployment server, clicking the Help menu in the Sentinel Control Center always lists you the saved help content available on the server.
If you want the Help menu to redirect you to the Sentinel 6.1 Rapid Deployment User Guide for the latest information, remove the extracted folder sentinel61rd_help at <Install_Directory>/3rdparty/tomcat/webapps/ROOT/novellsiemdownloads/help from the Sentinel Rapid Deployment server.
This section describes known issues for the Sentinel 6.1 Rapid Deployment server, Collector Manager, and the client applications.
You cannot launch Solution Designer by using Web Start when the Sentinel server is down because the Tomcat Web server is also down, and you cannot open the Applications page of the Web interface.
To run the Solution Designer in offline mode, do either of the following:
Run the solution_designer.sh script from the server's <Install_Directory>/bin directory to launch the Solution Designer as a Client application.
Use the Solution Designer jar files.
When Solution Designer is loaded for the first time with a Sentinel Server, the Solution Designer jar files are stored in the Java* Web Start cache on the local computer. Thereafter, you can run the Solution Designer in offline mode via Web Start:
Start the Java Control Panel.
Click to start the Java Cache Viewer.
Locate under .
Double-click to start the application.
IMPORTANT:Ensure that you choose mode in the login screen.
When you are debugging a JavaScript* Collector and you press Ctrl+F to search for a specific line in the Collector, a Search window opens at the far right of the screen. However, if you close this window, then attempt to search again, the Search window doesn’t appear again.
You cannot stop or restart the following processes by using the right-click options for or in the > of the Sentinel Control Center.
DAS_Core
Web Server
UNIX Communication Server
In addition, the right-click option stops all the process except the ones listed above.
This is working as designed. If you could use these options to stop the processes, all processes including DAS_Core are stopped, which also stops the proxied client. This stops the system, including communication between the server and the client, so the current health is not updated.
If you give a wrong port number and server hostname while installing the Collector Manager, the installation completes without giving any errors. However, when you log in to the Sentinel Control Center, you can see that the Collector Manager is not listed in the under the Admin tab. It indicates that the Collector Manager installation is failed.
To troubleshoot this issue, uninstall the Collector Manager, then install it again by using the correct port number and server hostname.
After installing Sentinel 6.1 Rapid Deployment, log in to the Web interface. Use the Application page to launch SCC and log in. In the Live view, create a collector node by using the legacy eDirectory™ Collector (Novell_eDirectory_6.1r2) that is bundled with build. Configure the audit Connector and Event Source with the eDirectory Legacy Collector and ensure that you are getting events in the Sentinel Active View.
Import an eDirectory JS Collector (Novell_eDirectory_6.1r3) and select the check box in the Import Plugin Wizard window. When you check the events details in the Active View that is parsed by the JS eDirectory collector, you can see that the Collector Script version is displayed as Novell eDirectory 6.1r2 instead of Novell_eDirectory_6.1r3.
Launch the SCC by using the Web interface and set the Action Debugger to . Create an action by using the Send Email JS plug-in. Create a right-click menu item, for example, .
Right-click any event in the Active View, then select the menu item created to open the JS Action Debugger. When you debug the JS action, you get an error message Wrapped.java.mail.SendFailedException:Sending failed; in the Action Debugger followed by an exception thrown in the Java console.
When the disk space allocated is full and when the system attempts to drop the old partitions, you cannot log in to the SCC, the SDM, and to the Web interface. For more information, see Managing Diskspace Allocation
in the Sentinel 6.1 Rapid Deployment User Guide.
Sentinel technical documentation is broken down into several different volumes:
The Sentinel SDK site provides the details about developing collectors (proprietary or JavaScript) and JavaScript correlation actions.
In this documentation, a greater-than symbol (>) is used to separate actions within a step and items in a cross-reference path.
A trademark symbol (®, ™, etc.)denotes a Novell trademark; an asterisk (*) denotes a third-party trademark
Novell, Inc. makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to revise this publication and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes.
Further, Novell, Inc. makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.
Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classification to export, re-export, or import deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in the U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical biological weaponry end uses. Please refer to the Novell International Trade Services Web page for more information on exporting Novell software. Novell assumes no responsibility for your failure to obtain any necessary export approvals.
Copyright © 2009 Novell, Inc. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the publisher.
Novell, Inc. has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed on the Novell Legal Patents Web page and one or more additional patents or pending patent applications in the U.S. and in other countries.
For Novell trademarks, see the Novell Trademark and Service Mark list.
All third-party trademarks are the property of their respective owners.