The scripts below are useful when troubleshooting an issue. They provide finer-grained control of certain components in Sentinel, allowing you to drill down to the root cause of the issue.
NOTE: These scripts should not be used during normal operation of Sentinel.
Script File: |
Description: |
|
Starts the associated Sentinel Server process. These scripts are useful when troubleshooting a problem with a Sentinel Server process that is not running properly and when no helpful error message is written to the log file. Before running one of these scripts, make sure the associated process is not already running on that machine. |
|
Displays information about an event file that will be processed by DAS Aggregation. |
|
Displays all of the active connections to the iSCALE message bus. |
|
Starts the Internet download and processing of either the alert or attack Advisor feed data. The advisor.bat/.sh script will run both of these scripts during normal operation. |
|
Used by the Advisor scripts to set some local environment variables. |
|
Used by many of the Sentinel scripts to set some local environment variables. |
|
Starts the message bus component of the Communication Server. This script is useful if you are having problems starting the message bus (Sonic). For more information, see "Starting the Communication Server in Console Mode". |
|
Starts the SQL Server Agent Service and configures it to run automatically. This script is run automatically by the installer. |
|
Stops the message bus component of the Communication Server. For more information, see "Stopping the Communication Server in Console Mode". |
|
Stops a particular Sentinel Server process. This is useful when you need to restart a particular Sentinel Server process without stopping the entire Sentinel Server. Please note that the Sentinel Server watchdog will automatically restart the process once it is stopped. For more information, see "Restarting Sentinel Containers". |
|
Removes the Advisor feed download and processing scheduled jobs. This script is run automatically by the uninstaller. |
These scripts start the Communication Server on the command line in console mode. These scripts are useful for debugging the Communication Server without requiring you to run the rest of Sentinel Server.
NOTE: During normal operations, you should not use these scripts. Instead, follow the procedures in the section "Starting a Sentinel Server". If you use these scripts on Windows, for example, the service will only run as long as the Command Prompt window remains open.
To start the Communication Server (Windows):
Either change to the following directory at a command prompt or navigate to it through Windows Explorer:
%ESEC_HOME%\bin
Either double-click (through Windows Explorer) or execute the following file:
start_broker.bat
To start the Communication Server (UNIX):
Log in as the Sentinel Administrator operating system user (default is esecadm).
Go to:
$ESEC_HOME/bin
Enter:
./start_broker.sh
These scripts stop the Communication Server on the command line in console mode. These scripts are useful for troubleshooting the Communication Server without forcing you to stop the rest of Sentinel Server.
NOTE: During normal operations, you should not use these scripts. Instead, follow the procedures in the section "Stopping a Sentinel Server".
To stop the Communication Server (Windows):
Either change to the following directory at a command prompt or navigate to it through Windows Explorer:
%ESEC_HOME%\bin
Either double-click (through Windows Explorer) or execute the following file:
stop_broker.bat
To stop the Communication Server (UNIX):
Log in as the Sentinel Administrator operating system user (default is esecadm).
Go to:
$ESEC_HOME/bin
Enter:
./stop_broker.sh
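The following procedures describe how to restart a Sentinel Server process from the command line. Only the stop script is run, because the Sentinel Server watchdog automatically restarts the process once it is stopped.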
NOTE: During normal operations, you should not use these scripts. Instead, use the Servers View in the Admin tab of Sentinel Control Center.
Below are the names of the Sentinel Server processes that can be restarted using the procedure described below. The name must be used in the command line exactly as shown below.
Name: |
Description: |
|
Processes Correlation Rules. |
|
Processes raw event source data and sends events. |
|
Calculates event data summaries that are used in reports. |
|
Performs event database insertion. |
|
Provides the server-side functionality for Sentinel iTRAC. |
|
Provides the server side of the SSL proxy connection to Sentinel Server. |
|
Performs general Sentinel Service operations including Login and Historical Query. |
|
Provides the server-side functionality for Active Views. |
To restart a Sentinel Server process (Windows):
Go to:
%ESEC_HOME%\bin
Enter:
.\stop_container.bat <host machine> <process name>
For example:
.\stop_container.bat localhost DAS_RT
To restart a Sentinel Container (UNIX):
Log in as the Sentinel Administrator operating system user (default is esecadm).
Go to:
$ESEC_HOME/bin
Enter:
./stop_container.sh <host machine> <process name>
For example:
./stop_container.sh localhost DAS_RT