Novell® Sentinel 6.1 Rapid Deployment Readme

October 2009

Novell® Sentinel™ 6.1 Rapid Deployment (RD) is a new packaging option for the Novell market-leading Sentinel Security Information and Event Management solution. Ideal for smaller organizations or regional installations, Sentinel 6.1 Rapid Deployment provides full Sentinel functionality in a single-box package based on SUSE® Linux. Sentinel 6.1 Rapid Deployment uses PostgreSQL* for the database, ActiveMQ* for messaging, and JasperReports* for reporting.

1.0 Product Overview

The key features of Sentinel 6.1 Rapid Deployment are as follows:

1.1 Embedded Database

The major difference between Sentinel 6.1 Rapid Deployment and previous versions of Sentinel is the introduction of an embedded Sentinel database, based on the open source PostgreSQL database engine. The new database is installed and configured automatically during the Sentinel 6.1 Rapid Deployment installation, without the necessity of managing an external database. If you prefer to leverage an existing database investment, continue using the existing Sentinel 6.1 product.

1.2 Reporting Console

Sentinel 6.1 Rapid Deployment introduces a new, streamlined reporting system to replace Crystal Reports*. This new reporting system is an integral part of Sentinel and allows you to easily run predefined reports or custom reports developed by using the JasperReports open source reporting engine.

1.3 Streamlined Installation

In Sentinel 6.1 Rapid Deployment, installation is fast and easy with the single machine installer. You just need to provide a Sentinel password, a database password, and an optional set of credentials for the Sentinel Advisor service. The embedded database, reporting engine, and Web console are all included in the package and are installed and configured automatically, allowing you to deploy and begin using the product very quickly and with a minimum amount of effort.

1.4 Full Text Search

A new Web-based search tool allows users to quickly search for strings and patterns within the Sentinel event database. Users can search for text in a specific Sentinel event field, or across all fields. Data within the search results is hyperlinked to narrow the search results with a single click.

1.5 Web-Based Application Launch and Installation

The Web console used for Sentinel 6.1 Rapid Deployment reporting and full text search also includes the option to launch or install the Sentinel client applications. You can now launch the Sentinel Control Center, Sentinel Solution Designer, and Sentinel Data Manager from a Web browser without the need to install these client applications locally. The Web console also includes the option to install the client applications and the Sentinel Collector Manager without the need to manually retrieve the installation package. Ensure that you have JRE* 1.6 installed on your machine so you can use a Web-based application launch.

2.0 System Requirements

2.1 Supported Platforms

Table 1 Software and Operating System Combinations

Platforms                                           | Sentinel Server Components | Sentinel User Applications | Collector Manager | Collector Builder
----------------------------------------------------|----------------------------|----------------------------|-------------------|------------------
SUSE Linux Enterprise Server (SLES) 10 SP2 (64-bit) | Certified                  | Certified                  | Certified         | Not Supported
SLES 10 SP2 (32-bit)                                | Not Supported              | Not Supported              | Certified         | Not Supported
Windows* XP (32-bit)                                | Not Supported              | Certified                  | Not Supported     | Not Supported
Windows Vista* (32-bit)                             | Not Supported              | Certified                  | Not Supported     | Certified
Windows Server* 2003 (32-bit)                       | Not Supported              | Not Supported              | Certified         | Certified
Windows Server 2008 (64-bit)                        | Not Supported              | Not Supported              | Certified         | Not Supported

2.2 Supported Web Browsers

  • Mozilla* Firefox* 2.x

  • Mozilla Firefox 3.x

  • Internet Explorer* 8.x

3.0 Installing Novell Sentinel 6.1 Rapid Deployment

For details on installing Novell Sentinel 6.1 Rapid Deployment, refer to Sentinel Rapid Deployment Installation Guide.

4.0 Installing Novell Sentinel 6.1 Rapid Deployment Hotfix 2

4.1 Prerequisites

Before proceeding to install Hotfix 2, ensure that either of the following is true:

  • Sentinel 6.1 Rapid Deployment is installed on a supported platform

  • Sentinel 6.1 Rapid Deployment Hotfix 1 is installed on Sentinel 6.1 Rapid Deployment

IMPORTANT:

  • The Novell Sentinel 6.1 Rapid Deployment hotfix 2 does not automatically update the Collector Manager installer or the Client installer package that you can download from the Sentinel Rapid Deployment Web server. Therefore, regardless of whether you have installed a Collector Manager or Client application before or after applying the hotfix on the Sentinel Rapid Deployment server, you must apply the hotfix on all the machines where Collector Manager or Client Applications, or both, are running.

  • Do not install Collector Manager or Client application on the same machine where hotfix 2 is already applied to either of the applications. Instead, install both the applications and then apply hotfix 2 to both.

4.2 Server Installation

  1. Log into the Novell Sentinel 6.1 Rapid Deployment server as the novell user.

    The novell user is created during the Novell Sentinel 6.1 Rapid Deployment installation process and does not have a password by default. Therefore, you can set a password in order to log in as this user, or you can run the following command to change user to novell if you are logged in as root:

    su - novell
    
  2. Download or copy the installer package to a temporary directory.

    NOTE: Ensure that the novell user has complete rights to the downloaded installer zip file. If you download the installer to the Desktop as root, you cannot run it after changing the ownership to the novell user because the /root/Desktop directory is not accessible to any user other than root.

    Do not download the installer package to the Desktop, because the installer cannot be run as the root user and the novell user does not have rights to the /root/Desktop directory.

  3. Unzip the installer package.

    unzip sentinelRD_6.1.0.2_03.zip
    
  4. Go to the unzipped directory:

    cd sentinelRD_6.1.0.2_03
    
  5. Run the hotfix installer and follow the on-screen instructions:

    ./service_pack.sh
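
    The checks implied by steps 1 and 2 (run as novell, package not stored under /root and fully accessible), followed by steps 3 to 5, as an added example that is not part of the original readme or of the Sentinel package. The function names, return codes, the preflight.sh file name, and the /tmp/hotfix path are assumptions.

```bash
#!/usr/bin/env bash
# Added example: pre-flight checks for the Hotfix 2 server steps.
# Function names and return codes are illustrative, not part of the product.

# The server hotfix is run as the novell user, never as root.
check_run_user() {
    [ "$1" = "novell" ]
}

# Return 0 if the current user can use the package, otherwise a reason code:
#   2 = package is stored under /root, which only root can enter
#   3 = package is missing, or not readable and writable by the current user
#   4 = a parent directory is missing or cannot be traversed
check_pkg_access() {
    local pkg=$1 abs dir
    case "$pkg" in
        /*) abs=$pkg ;;
        *)  abs=$PWD/$pkg ;;
    esac
    case "$abs" in
        /root/*) return 2 ;;
    esac
    # Walk from the package directory up to / and test search permission.
    dir=$(dirname "$abs")
    while :; do
        [ -x "$dir" ] || return 4
        if [ "$dir" = "/" ]; then break; fi
        dir=$(dirname "$dir")
    done
    [ -f "$abs" ] && [ -r "$abs" ] && [ -w "$abs" ] || return 3
    return 0
}

# Steps 3 to 5 of the server procedure, run only after both checks pass.
apply_server_hotfix() {
    local pkg=$1 rc
    check_run_user "$(id -un)" || {
        echo "Run this as the novell user (for example: su - novell)" >&2
        return 1
    }
    check_pkg_access "$pkg" || {
        rc=$?
        echo "Package not usable (code $rc): copy it to a temporary directory" >&2
        return "$rc"
    }
    cd "$(dirname "$pkg")" || return 1
    unzip "$(basename "$pkg")" || return 1
    cd "$(basename "$pkg" .zip)" || return 1
    ./service_pack.sh
}

# Example (constructed path): bash preflight.sh /tmp/hotfix/sentinelRD_6.1.0.2_03.zip
if [ "$#" -ge 1 ]; then
    apply_server_hotfix "$1"
fi
```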
    

4.3 Client Installation

4.3.1 Linux

  1. Log in as the root user on the machine where Novell Sentinel 6.1 Rapid Deployment Client applications are running.

  2. Download or copy the installer package to a temporary directory.

  3. Unzip the installer package.

    unzip sentinelRD_6.1.0.2_03.zip
    
  4. Go to the unzipped directory:

    cd sentinelRD_6.1.0.2_03
    
  5. Run the hotfix installer and follow the on-screen instructions:

    ./patch_clients.sh
    

4.3.2 Windows

  1. Log in as the administrator on the machine where Novell Sentinel 6.1 Rapid Deployment Client applications are running.

  2. Download or copy the installer package (sentinelRD_6.1.0.2_03.zip) to a temporary directory.

  3. Unzip sentinelRD_6.1.0.2_03.zip.

  4. Go to the unzipped directory.

  5. Do either of the following:

    • Double-click the patch_clients.bat file and follow the on-screen instructions.

    • From a command prompt, run the patch_clients.bat file and follow the on-screen instructions.

4.4 Collector Manager Installation

4.4.1 Linux

  1. Log in as the root user on the machine where Novell Sentinel 6.1 Rapid Deployment Collector Manager is running.

  2. Download or copy the installer package to a temporary directory.

  3. Unzip the installer package.

    unzip sentinelRD_6.1.0.2_03.zip
    
  4. Go to the unzipped directory:

    cd sentinelRD_6.1.0.2_03
    
  5. Run the hotfix installer and follow the on-screen instructions:

    ./patch_clients.sh
    

4.4.2 Windows

  1. Log in as the admin user on the machine where Novell Sentinel 6.1 Rapid Deployment Collector Manager is running.

  2. Download or copy the installer package (sentinelRD_6.1.0.2_03.zip) to a temporary directory.

  3. Unzip sentinelRD_6.1.0.2_03.zip.

  4. Go to the unzipped directory.

  5. Do either of the following:

    • Double-click the patch_clients.bat file and follow the on-screen instructions.

    • From a command prompt, run the patch_clients.bat file and follow the on-screen instructions.

5.0 Accessing the Sentinel Rapid Deployment Help Files

You can access the online User Guide for Sentinel Rapid Deployment by clicking the Help > Help menu in the Sentinel Control Center. However, if you are working in a secure environment where direct Internet access is denied, you can, as a one-time process, download and extract the online help file to the Sentinel Rapid Deployment server. After the help files are extracted to a specific location, you can access the documentation from either the server or a remote system. You can view the help files by using any Web browser.

To download the Online Help:

  1. Go to the Sentinel Rapid Deployment documentation site.

  2. Click zip in the Downloadable User Guide Help section, then save the s61rd_user_help.zip file to your local machine.

  3. Do the following to copy and extract the downloaded file:

    1. cp s61rd_user_help.zip <Install_Directory>/3rdparty/tomcat/webapps/ROOT/novellsiemdownloads/help

    2. cd <Install_Directory>/3rdparty/tomcat/webapps/ROOT/novellsiemdownloads/help

    3. unzip s61rd_user_help.zip

      IMPORTANT: You cannot access the help files by using the Help > Help option in the Sentinel Control Center unless you extract the s61rd_user_help.zip file to the specified location.

  4. Perform any of the following to view the help files:

    • In the Sentinel Control Center, click Help > Help.

    • Open the <Install_Directory>/3rdparty/tomcat/webapps/ROOT/novellsiemdownloads/help/s61rd_user_help/index.html file.

    The index.html file lists the topics in the navigation pane. Click the desired topic to open the help page for that topic. You can also use the Previous and Next navigation buttons on each page to move between pages.

NOTE: If you download and save the help files to the specified location on the Sentinel Rapid Deployment server, clicking the Help menu in the Sentinel Control Center always shows the saved help content available on the server.

If you want the Help menu to redirect you to the Sentinel Rapid Deployment User Guide that is available online, remove the extracted folder s61rd_user_help at <Install_Directory>/3rdparty/tomcat/webapps/ROOT/novellsiemdownloads/help from the Sentinel Rapid Deployment server.

6.0 Known Issues

This section describes known issues for the Sentinel 6.1 Rapid Deployment server, Collector Manager, and the client applications.

6.1 Known Issues Found in Sentinel 6.1 Rapid Deployment Hotfix 2

6.1.1 Renaming an Action Deselects the Renamed Action from the Global Filter

If an action that is associated with a Global Filter is renamed, it is deselected from the Global Filter.

To reproduce this issue, select an Action by using the Select Action (s) window in the Global Filter Configuration window. Select Tools > Action Manager, then select the Action that you have associated with the Global Filter. Click Edit, rename the Action, and click Save. Now, open the Global Filter Configuration window, and select Action. You can see that the Action, which is renamed, is deselected.

Workaround: You should manually select the renamed action.

6.1.2 Correlation Rules Do Not Fire When Global Filter Is Set to GUI Only

If the Default Route option in Global Filter Configuration is set to gui only, Correlation rules do not trigger any events.

6.1.3 Exceptions Are Thrown If Partitions Are Added to the Tables When Online Current Partition Is in P_MAX

If you add partitions to a table when its online current partition is in p_max, exceptions are thrown. This is applicable to Events, Audit_Record, and Summary tables.

6.1.4 Admin User Cannot Log In to SCC After Changing the LDAP IP Address in the 'auth.login' File

Database authentication fails if an invalid LDAP server hostname or IP address is entered while configuring Sentinel 6.1 for LDAP authentication.

The workaround for this issue is to ensure that a valid LDAP server hostname or IP address is entered.

6.2 Known Issues Found in Sentinel 6.1 Rapid Deployment Hotfix 1

6.2.1 Solution Packs on the Sentinel Content Page May Not Work with the Sentinel Rapid Deployment Hotfix 1

Solution packs released before August 2009 that are available on the Sentinel Content Page might not work as expected when installed on Sentinel Rapid Deployment. The Solution Manager tries to install the Crystal Reports-based reports in the solution pack even though Crystal Reports is not supported in Sentinel Rapid Deployment.

The workaround is to open the solution pack in the Solution Designer and save that as a new solution pack. The new solution pack is repaired and works as expected on the Sentinel Rapid Deployment platform. You can now continue to install the new solution pack.

6.3 Known Issues Found in Sentinel 6.1 Rapid Deployment

6.3.1 Unable to Log In to SCC, SDM, and Web Interface When the Database Is Full

When the disk space allocated is full and when the system attempts to drop the old partitions, you cannot log in to the SCC, the SDM, and to the Web interface. For more information, see Managing Disk Space Allocation.

6.3.2 Solution Designer Cannot Be Launched Through Web Start in Offline Mode

You cannot launch Solution Designer by using Web Start when the Sentinel server is down because the Tomcat Web server is also down, and you cannot open the Applications page of the Web interface.

To run the Solution Designer in offline mode, do either of the following:

  • Run the solution_designer.sh script from the server's <Install_Directory>/bin directory to launch the Solution Designer as a Client application.

  • Use the Solution Designer jar files.

    When Solution Designer is loaded for the first time with a Sentinel Server, the Solution Designer jar files are stored in the Java* Web Start cache on the local computer. Thereafter, you can run the Solution Designer in offline mode via Web Start:

    1. Start the Java Control Panel.

    2. Click View Temporary Internet Files to start the Java Cache Viewer.

    3. Locate Sentinel Solution Designer under Show Applications.

    4. Double-click Sentinel Solution Designer to start the application.

      IMPORTANT: Ensure that you choose Offline mode in the login screen.

6.3.3 Debugger Search Window Disappears

When you are debugging a JavaScript* Collector and you press Ctrl+F to search for a specific line in the Collector, a Search window opens at the far right of the screen. However, if you close this window, then attempt to search again, the Search window doesn’t appear again.

6.3.4 Right-Click Options for Server Processes Are Disabled in the Server’s View of the SCC

You cannot stop or restart the following processes by using the right-click options for Action > Stop or Action > Restart in the Servers > View of the Sentinel Control Center.

  • DAS_Core

  • Web Server

  • UNIX Communication Server

In addition, the right-click option Actions > Stop Processes stops all the processes except the ones listed above.

This is working as designed. If you could use these options to stop these processes, all processes including DAS_Core would be stopped, which would also stop the proxied client. This would stop the system, including communication between the server and the client, so the current health would not be updated.

6.3.5 Giving the Wrong Port Number and Server Hostname Does Not Halt the Remote Collector Manager Installation

If you give a wrong port number and server hostname while installing the Collector Manager, the installation completes without giving any errors. However, when you log in to the Sentinel Control Center, you can see that the Collector Manager is not listed in the Servers View under the Admin tab. This indicates that the Collector Manager installation has failed.

To troubleshoot this issue, uninstall the Collector Manager, then install it again by using the correct port number and server hostname.

6.3.6 Events Show the Wrong Collector Script Version on Replacing the Legacy eDirectory Collector with the JS eDirectory Collector

After installing Sentinel 6.1 Rapid Deployment, log in to the Web interface. Use the Application page to launch SCC and log in. In the Live view, create a collector node by using the legacy eDirectory™ Collector (Novell_eDirectory_6.1r2) that is bundled with the build. Configure the audit Connector and Event Source with the eDirectory Legacy Collector and ensure that you are getting events in the Sentinel Active View.

Import an eDirectory JS Collector (Novell_eDirectory_6.1r3) and select the Update Deploy Plugin check box in the Import Plugin Wizard window. When you check the events details in the Active View that is parsed by the JS eDirectory collector, you can see that the Collector Script version is displayed as Novell eDirectory 6.1r2 instead of Novell_eDirectory_6.1r3.

6.3.7 Running the Send E-mail JS Script in the JS Action Debugger Throws an Exception in the Console

Launch the SCC by using the Web interface and set the Action Debugger to On. Create an action by using the Send Email JS plug-in. Create a right-click menu item, for example, Send_email_menu_item.

Right-click any event in the Active View, then select the menu item created to open the JS Action Debugger. When you debug the JS action, you get an error message Wrapped.java.mail.SendFailedException:Sending failed; in the Action Debugger followed by an exception thrown in the Java console.

6.3.8 Sentinel Control Center Launched Remotely or via Java WebStart on a Windows Machine Does Not Allow File Browsing

Use the following scenario to replicate the problem:

Launch SCC remotely or by using the Java Web Start on a Windows machine. Log in to the SCC, then launch the ESM Live view. Configure the File connector to any compatible Collector. Right-click the File Connector and select Add Event Source. In the File Event Source window, when you click Browse and try to open any folder in the file system by double-clicking it, the folder does not open.

Workaround: The issue is caused by a bug in the Java Swing class JFileChooser in Java version 1.6 update 4 (1.6.0_04) and later. Use the following workaround for this issue:

  1. Enter the full path of the file in the File path text field.

    For example, enter /var/opt/novell/file.log or c:\programs\file.log directly in the File path field.

6.3.9 Uninstallation Does Not Clean Up the Environment Variables

Install the Sentinel 6.1 Rapid Deployment Hotfix 1 patch for the Collector Manager or the Client applications, or for both. When you attempt to uninstall the Collector Manager or the Client applications, or both, the environment variables such as ESEC_VERSION are not completely removed by the installer.

The next time you attempt to install either or both of these applications on the same machine, installation is denied because the environment variables from the previous installation still exist on the system.

The workaround is to manually remove the environment variables from the machine. For more information, refer to Post-Uninstallation Procedures in the Sentinel 6.1 Rapid Deployment Installation Guide.

7.0 Documentation

Sentinel technical documentation is broken down into several different volumes:

8.0 Documentation Conventions

In this documentation, a greater-than symbol (>) is used to separate actions within a step and items in a cross-reference path.

A trademark symbol (®, ™, etc.) denotes a Novell trademark; an asterisk (*) denotes a third-party trademark.