Novell SENTINEL 6.1 SP2 - INSTALLATION GUIDE 02-2010 Installation Manual

AUTHORIZED DOCUMENTATION
Installation Guide
Novell® Sentinel™ 6.1 SP2
February 2010
www.novell.com
Sentinel 6.1 Installation Guide

Summary of Contents for Novell SENTINEL 6.1 SP2 - INSTALLATION GUIDE 02-2010

  • Page 1 AUTHORIZED DOCUMENTATION Installation Guide Novell ® Sentinel 6.1 SP2 February 2010 www.novell.com Sentinel 6.1 Installation Guide...
  • Page 2 Further, Novell, Inc., reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.
  • Page 3 Novell Trademarks For Novell trademarks, see the Novell Trademark and Service Mark list (http://www.novell.com/company/legal/ trademarks/tmlist.html). Third-Party Materials All third-party trademarks are the property of their respective owners.
  • Page 4 Sentinel 6.1 Installation Guide...
  • Page 5: Table Of Contents

    Contents: Preface; 1 Introduction; Sentinel Overview, page 11; Sentinel User Interfaces...
  • Page 6 Port Numbers Used for Sentinel 6.1, page 31; General Installation Prerequisites...
  • Page 7 7 Crystal Reports for Windows; Overview, page 97; System Requirements...
  • Page 8 8.8.4 Crystal Host Name Error, page 139; 8.8.5 Cannot Connect to CMS...
  • Page 9: Preface

    Please use the User Comments feature at the bottom of each page of the online documentation and enter your comments there. Additional Documentation Sentinel Technical documentation is broken down into several different volumes. They are:
      • Sentinel 6.1 Install Guide (http://www.novell.com/documentation/sentinel61/s61_install/data)
      • Sentinel 6.1 User Guide (http://www.novell.com/documentation/sentinel61/s61_user/data)
      • Sentinel 6.1 Reference Guide (http://www.novell.com/documentation/sentinel61/s61_reference/data) ...
  • Page 10 For more information, see “Section Name” in “Chapter Name”, Name of the Guide (if in a different Guide). In Novell documentation, a greater-than symbol (>) is used to separate actions within a step and items in a cross-reference path. ®...
  • Page 11: Introduction

    Introduction
      • Section 1.1, “Sentinel Overview,” on page 11
      • Section 1.2, “Sentinel User Interfaces,” on page 12
      • Section 1.3, “Sentinel Server Components,” on page 13
      • Section 1.4, “Sentinel Plugins,” on page 15
      • Section 1.5, “Language Support,” on page 16 ...
  • Page 12: Sentinel User Interfaces

      • Built-in incident management and remediation
      • The ability to demonstrate and monitor compliance with internal policies and government regulations such as Sarbanes-Oxley, HIPAA, GLBA, FISMA and others. The content required to implement these controls is simply distributed and implemented using Solution Packs.
    The following is a conceptual architecture of Sentinel, which illustrates the components involved in performing security and compliance management.
  • Page 13: Sentinel Data Manager

      • Reporting: Historical reports and metrics
      • Event Source Management: Collector deployment and monitoring
    1.2.2 Sentinel Data Manager Sentinel Data Manager (SDM) allows you to manage the Sentinel Database. You can perform the following operations in the SDM:
      • Monitor Database Space Utilization ...
  • Page 14: Sentinel Communication Server

    1.3.2 Sentinel Communication Server The iSCALE Message Bus is capable of moving thousands of message packets in a second among the components of Sentinel. This allows independent scaling of components and standards-based integration with external applications. 1.3.3 Sentinel Database The Sentinel product is built around a back-end database that stores security events and all of the Sentinel metadata.
  • Page 15: Sentinel Plugins

    Integrators enable remediation actions on systems outside of Sentinel. For example, a correlation action can use the SOAP Integrator to initiate a Novell Identity Manager workflow. The optional Remedy AR Integrator provides the ability to create a Remedy ticket from Sentinel events or incidents.
  • Page 16: Reports

    Solution Packs are packaged sets of related Sentinel content, such as correlation rules, actions, iTRAC workflows, and reports. Novell provides Solution Packs that focus on specific business needs, such as the PCI-DSS Solution Pack, which addresses compliance with the Payment Card Industry Data Security Standard.
  • Page 17: System Requirements

    Section 2.2, “Hardware Recommendations,” on page 21 2.1 Supported Software For best performance and reliability, Novell® recommends installing all Sentinel components on the approved software listed in this section. This software is quality assured and certified. For the...
  • Page 18: Database Supported Platforms

    2.1.2 Database Supported Platforms The following database and operating system combinations are certified or supported. Certified combinations have been tested with Novell Engineering’s full test suite. Supported combinations are expected to be fully functional. Database Supported Platforms...
  • Page 19: Sentinel Component Supported Platforms

    NOTE: All databases should be installed on an operating system that is certified by the database vendor and also by Novell for use with Sentinel components. Oracle must run on Linux* or Solaris (not Windows). When you use the Oracle client to install or load seed data to the Sentinel database, ensure that the Oracle client version is the same as or later than the Oracle server version.
  • Page 20: Platform Support Exceptions And Cautions

    The supported reporting server is Crystal Reports Server XI R2 SP4, which is supported only on 32-bit hardware. The supported Crystal Reports service packs can be downloaded from the Novell download Web site (http://download.novell.com/). 1 Go to the Novell download Web site (http://download.novell.com). 2 Select SIEM/Sentinel from the Product or Technology list. 3 Specify as the Keyword, then click search.
  • Page 21: Hardware Recommendations

    Novell. However, both the Oracle database and Crystal Reports Server are supported by their respective vendors on additional platforms that are not fully quality assured by Novell. If a customer wants to use one of these additional platforms, Novell support for these platforms includes the following conditions.
  • Page 22 Sentinel Control Center, and long-term reports from the Crystal Reports Server. Therefore, Novell makes the following recommendations: ...
  • Page 23: Supported Hardware

    (GigE) in order to prevent network traffic bottlenecks. Novell recommends that the Crystal Reports Server be installed on its own dedicated machine, particularly if the database is large or reporting usage is heavy. Crystal can be installed on the same machine as the database if the database is small, the reporting usage is light, and the database is installed on either Windows or Linux and not Solaris.
  • Page 24: Production Configuration

    Function Model Crystal Reports Server 4 GB RAM One 32-bit dual core processor (tested with Intel Xeon 5150, 2.66 GHz) 40 GB disk space Table 2-5 System Setup for Proof of Concept Attribute Rating Comments Collectors deployed per Collector Manager Rules deployed per correlation engine Active Views running...
  • Page 25: High-Performance Production Configuration

    Function Model Collector Manager 2 4 GB RAM Windows 2003, one dual core processor (tested with dual core Intel Xeon, 2.50 GHz) 20 GB disk space Crystal Reports Server 4 GB RAM One 32-bit dual core processor (tested with Intel Xeon 5150, 2.66 GHz) 40 GB disk space...
  • Page 26: Virtual Environments

    2.2.6 Virtual Environments Sentinel 6.1 has been tested extensively on VMware* ESX Server, and Novell fully supports Sentinel running in this environment. Performance results in a virtual environment can be comparable to the results achieved in tests on a physical machine, but the virtual environment should provide the same memory, CPU, disk space, and I/O as the physical machine recommendations.
  • Page 27: Installing Sentinel 6.1 Sp2

    Sentinel Link Solution: Sentinel Link is a mechanism that provides the ability to hierarchically link multiple Sentinel systems, including Novell Sentinel Log Manager, Novell Sentinel, and Novell Sentinel Rapid Deployment. You can hierarchically link two or more...
  • Page 28: Sentinel Configurations

    Sentinel 6.1 release, Remedy integration is available separately as an Integrator plug-in and is no longer included in the Sentinel installer. With the proper license, the Remedy Integrator and associated Action can be downloaded at the Novell Content Web site (http://support.novell.com/products/sentinel/sentinel61.html). 3.2 Sentinel Configurations The following are some typical configurations for Sentinel.
  • Page 29: Solaris

    3.2.2 Solaris Sentinel Configuration on Solaris Figure 3-2 3.2.3 Windows Sentinel Configuration on Windows Figure 3-3 3.2.4 High-Performance Configuration The 64-bit JVM* can allocate much more RAM to Sentinel processes than the 32-bit JVM. The highest Xmx value that can be used by a 32-bit JVM is 1200m, but it is virtually unlimited in a 64-bit JVM.
  • Page 30 the machine. However, performance testing shows that the 64-bit JVM requires nearly double the RAM to perform the same tasks as compared to the 32-bit JVM. So using the 64-bit JVM for a process that does not require this additional RAM wastes memory resources. For example, if a process was allocated 1200m with a 32-bit JVM, there is no benefit to running that process on a 64-bit JVM unless more than double the amount of RAM is allocated to it.
  • Page 31: Port Numbers Used For Sentinel 6.1

    3 Open the ESEC_HOME/config/configuration.xml file in a text editor. 4 Locate the entry for the process to move to 64-bit at the end of the file. For each of these processes that should run as 64-bit, in the image attribute, change the $(ESEC_JAVA_HOME)/ environment variable to...
  • Page 32 Novell Customer Center (https://secure-www.novell.com/center/regadmin). If you have purchased the optional Advisor exploit detection data feed, verify in the Customer Center that this data subscription is listed with the rest of your Novell products.
      • Install and configure an SMTP server if you want to send e-mail notifications from Sentinel.
  • Page 33: Providing Power User Privileges To Domain Users

    Sentinel, see Section B.4, “Manual Oracle Instance Creation (Optional),” on page 164. If you chose this option, you must run the Novell createEsecDBA.sh script and use the Sentinel installer to add the database objects to the manually created Oracle database instance.
  • Page 34 NOTE: If you are using an existing or manually created Oracle database instance, it must be empty except for the Sentinel Database User for successful installation.
      • Get the login credentials for the Oracle operating system user (default: oracle)
      • Get the login credentials for Oracle users ...
  • Page 35 User: esecapp. Description: Database application user. This is the application user used to connect to the database. Server Roles: securityadmin. Need for the Role: esecapp needs the securityadmin role, because Sentinel applications run under the esecapp user and this role is required to create new users in Sentinel and the database.
  • Page 36: Authentication Mode Settings On Microsoft Sql

      • Log Directory
      • Archive Directory
      • Determine the SQL Server Instance port number (the default port number is 1433).
      • The Sentinel system uses several accounts for installation and system operation. These accounts exist in the Sentinel database and might use SQL Server authentication or Windows authentication. To use Windows authentication for one or more of the Sentinel users during Sentinel installation, the corresponding Windows Domain user must exist before installing the Sentinel Database.
  • Page 37: Sentinel Server Installation Prerequisites

    Sentinel Database before installing the other components of Sentinel. 3.5 Database Installation An experienced DBA should install Oracle or SQL Server. In addition to the recommendations from the DBA, Novell also has some recommendations for installing Oracle. These recommendations are in the following areas: ...
  • Page 38 On SUSE Linux 10 SP2:
        # Oracle requires MLOCK privilege for hugetlb memory.
        vm.disable_cap_mlock=1
    On Red Hat Linux 4:
        # Kernel settings for Oracle
        kernel.core_uses_pid = 1
        kernel.shmall = 2097152
        kernel.shmmax = 2147483648
        kernel.shmmni = 4096
        kernel.sem = 250 32000 100 128
        fs.file-max = 65536
        net.ipv4.ip_local_port_range = 1024 65000
        net.core.rmem_default = 262144
        ...
  • Page 39: Creating Group And User Accounts For Oracle (Solaris Only)

    3 After these steps are complete, the /etc/project file should contain the following:
        # cat /etc/project
    The following is the output of the command:
        system:0::::
        user.root:1::::
        noproject:2::::
        default:3::::
        group.staff:10::::
        group.dba:100:Oracle default project:::project.max-shm-memory=(privileged,2147483648,deny)
    4 To verify that the resource control is active, run the commands: prctl
        # su - oracle...
  • Page 40: Installing Oracle

    153. This section describes installation settings recommended for Sentinel operations. It also describes the procedures for creating the Oracle instance. (Novell recommends creating the instance by using the Sentinel installer, but provides instructions if corporate policy requires that the DBA create the instance manually.) 3.6 Simple Installation...
  • Page 41 For GUI mode: ./setup.sh For text-based (serial console) mode: ./setup.sh -console You cannot run the installer on UNIX from a directory path that has special characters such as a space or non-ASCII characters. 4 Click the down-arrow and select one of the following language options: English Italian French...
  • Page 42: Custom Installation

    11 Specify the database name.
      • Linux/Solaris: Specify the path for the Oracle JDBC Driver file.
      • Windows: Specify the database user credentials and SQL Server instance name.
    12 Click Next. On Linux/Solaris, the installer backs up the existing tnsnames.ora and listener.ora files in the...
  • Page 43: Starting The Installation

    Sentinel Services
      • Communication Server
      • Correlation Engine
      • Data Access Server (DAS)
      • Sentinel Collector Service (Collector Manager)
    Applications
      • Sentinel Control Center
      • Sentinel Data Manager
      • Sentinel Solution Designer
    Ensure that the prerequisites mentioned in Section 3.4, “General Installation Prerequisites,”...
  • Page 44 English French German Simplified Chinese Traditional Chinese Italian Portuguese (Brazil) Spanish Japanese 5 Read the Welcome screen, then click Next. 6 Read and accept End User License Agreement. Click Next. 7 Accept the default install directory or click Browse to specify your installation location. Click Next.
  • Page 45 Component Description Data Access Server (DAS) Installs the components that communicate with the Sentinel database. Requires a Sentinel license key and serial number. (Required for using Advisor.) Sentinel Collector Service Installs the Collector Manager that handles connections to event sources, data parsing, mapping, and so on. Sentinel Control Center Installs the main console for security or compliance analysts.
  • Page 46 13 If you select only Collector Manager and do not select Data Access Server (DAS), select the option for establishing communication between the Sentinel Collector Managers and the Sentinel Server. You can select Connect to message bus directly or Connect to message bus using proxy.
  • Page 47 All components connecting directly to the message bus must share the same encryption key. Novell recommends that you generate a random encryption key when you install the Communication Server and import this key when you install components on other machines.
  • Page 48: Configuring The Database On Windows

    3.7.2 Configuring the Database on Windows 1 Complete Step 1 through Step 18 in Section 3.7.1, “Starting the Installation,” on page 2 Select Microsoft SQL Server 2005 or Microsoft SQL Server 2008 as the target database server platform, then select one of the following options: ...
  • Page 49: Configuring The Database On Linux Or Solaris

    9 Select a database size option. If you selected a Custom database size, specify custom database size settings:
      • Maximum Database Size: The maximum amount of disk space the database occupies. The database automatically increases up to this size as it accumulates data. Regardless of the value specified here, the initial size of the database is 1000 MB.
  • Page 50 IMPORTANT: If the database name is not in the tnsnames.ora file, the installer does not give an error at this point in the installation (because it verifies the connection using a direct JDBC connection), but the database installation fails when the database installer tries to connect to the database through SQL Plus.
  • Page 51: Completing The Installation

      • Redo Log Member B Directory
    13 Click Next. IMPORTANT: For recovery and performance purposes, Novell recommends that these locations be on different I/O devices. For performance reasons, the Redo Log should point to the fastest write disk you have available.
  • Page 52: Console Installation On Linux Or Solaris

    The installer factors in operating system and database overhead when determining what allocation options to display. There are two ways to specify memory allocation:
      • Automatic Memory Configuration: Select the total amount of memory to allocate to Sentinel Server. The installer automatically determines the optimal distribution of memory across components taking into account the estimated operating system and database overhead.
  • Page 53 Sentinel 6.1 - InstallShield Wizard Select the features for "Sentinel 6.1" you would like to install: Sentinel 6.1 To select/deselect a feature or to view its children, type its number: [ ] Database 2. +[x] Sentinel Services 3. +[x] Applications Other options: 0.
  • Page 54: Installing Sentinel As A Domain User

    Sentinel 6.1 - Sentinel Services To select/deselect a feature or to view its children, type its number: [x] Communication Server [x] Correlation Engine [x] Data Access Server [x] Sentinel Collector Service Other options: -1. View this feature's parent 0. Continue installing Enter command [0] 2 Select the features for "Sentinel 6.1"...
  • Page 55: Configuring The Smtp Integrator To Send Sentinel Notifications

      • Section 3.9.5, “Configuring the Light weight Collector Manager,” on page 56
      • Section 3.9.6, “Managing Time,” on page 59
      • Section 3.9.7, “Modifying Oracle dbstart and dbshut scripts,” on page 59
      • Section 3.9.8, “High-Performance Configuration,” on page 60
    3.9.1 Configuring the SMTP Integrator to Send Sentinel Notifications In Sentinel 6.1, a JavaScript SendEmail action works with an SMTP integrator to send e-mail...
  • Page 56: Collector Service

    By default, it creates events at a rate of 5 events per second (eps). This Collector can be used to test the installation. Additional Collectors can be downloaded from the Novell Web site (http://support.novell.com/products/sentinel/collectors.html). 3.9.4 Starting the Collector Manager Service 1 Start Sentinel 6.1.
  • Page 57 Perform the following steps to configure the EventRouter for server mode: 1 Open the das_query.xml file for edit. Windows: %ESEC_HOME%\config\das_query.xml Linux: $ESEC_HOME/config/das_query.xml 2 Comment the following section:
        <obj-component id="EventRouter">
          <class>esecurity.ccs.comp.router.EventRouter</class>
          <property name="esecurity.router.mode">standalone</property>
          <property name="esecurity.router.disable.compression">true</property>
          <obj-component-ref>
            <name>DispatchManager</name>
            <ref-id>DispatchManager</ref-id>
          </obj-component-ref>
          <obj-component-ref>
            <name>EventPublisher</name>
            ...
  • Page 58
        <!--
        <obj-component id="DispatchManagerEvents">
          <class>esecurity.ccs.comp.dispatcher.CommDispatcherManager</class>
          <property name="esecurity.communication.service">Sentinel</property>
          <property name="EventPublisher.performanceEventChannel">ewizard_binary_event</property>
        </obj-component>
        <obj-component id="EventRouterServer">
          <class>esecurity.ccs.comp.dispatcher.CommDispatcherManager</class>
          <property name="esecurity.communication.service">Sentinel</property>
        </obj-component>
        <obj-component id="EventRouter">
          <class>esecurity.ccs.comp.router.EventRouter</class>
          <property name="esecurity.router.mode">server</property>
          <property name="esecurity.router.disable.compression">true</property>
          <obj-component-ref>
            <name>DispatchManager</name>
            <ref-id>DispatchManager</ref-id>
          </obj-component-ref>
          <obj-component-ref>
            <name>EventPublisher</name>
            <ref-id>DispatchManagerEvents</ref-id>
          </obj-component-ref>
          <obj-component-ref>
            <name>EventRouterServer</name>
            <ref-id>EventRouterServer</ref-id>
          </obj-component-ref>
        </obj-component>
        ...
  • Page 59: Managing Time

    3.9.6 Managing Time Novell strongly recommends that all Sentinel components, particularly the Correlation Engine and Collector Manager machines, be connected to an NTP (Network Time Protocol) server or other type of time server. If the system time across machines is not synchronized, the Sentinel Correlation Engine and Active Views do not work properly.
  • Page 60: High-Performance Configuration

    4 Open the dbshut script for edit from $ORACLE_HOME/bin/dbshut 5 Ensure that ORATAB is pointing to ORATAB=/etc/oratab NOTE: If ORATAB is not in the above specified location on your system, modify the ORATAB path manually to the exact location. 6 Click Save. After Sentinel is installed, you must install the Crystal Reporting server and the Sentinel Core Solution Pack.
  • Page 61
        <obj-component id="EventInsertErrorHandler">
          <class>esecurity.ccs.comp.event.EventInsertErrorHandlerService</class>
          <property name="cacheImpl">esecurity.ccs.comp.event.SmallFileMultiDirectoryEventMessageCache</property>
          <property name="rootDirectory">../data/events/insertErrorBuffer</property>
          <property name="reportInterval">300</property>
          <property name="takeDelaySec">60</property>
          <property name="eventTimeoutSec">28800</property>
          <property name="onlineCapacity">1000</property>
          <property name="capacity">5368709120</property>
        </obj-component>
    3 In the same file, change the rootDirectory value of the following component:
        <obj-component id="EventProcessingErrorHandler">
          <class>esecurity.ccs.comp.event.EventInsertErrorHandlerService</class>
          <property name="cacheImpl">esecurity.ccs.comp.event.SmallFileMultiDirectoryEventMessageCache</property>
          <property name="rootDirectory">../data/events/insertErrorBuffer</property>
          ...
  • Page 62: Ldap Authentication

    9 Restart the Sentinel server for the changes to take effect. 3.10 LDAP Authentication You can enable users to log in to Sentinel using their Novell eDirectory™ or Microsoft Active Directory credentials by configuring a Sentinel 6.1 server for LDAP authentication.
  • Page 63 Linux/Solaris: $ESEC_HOME/config 4 Set the ownership and permissions of the certificate file as follows:
      • Windows: Not applicable
      • Linux/Solaris: Run the following commands:
        chown esecadm:esec <Install_Directory>/config/<cert-file>
        chmod 700 <Install_Directory>/config/<cert-file>
    5 Switch to esecadm user:
      • Windows: Not applicable ...
  • Page 64 “LDAP Authentication Without Performing Anonymous Searches” on page LDAP Directory used Specify 1 for Novell eDirectory or 2 for Active Directory. The default value is 1. This parameter is displayed only if you have specified ‘y’ for anonymous searches.
  • Page 65 9 Enter one of the following:
      • y: to accept the entered values
      • n: to enter new values
      • q: to quit the configuration
    On successful configuration:
      • The LDAP server certificate is added to a keystore named ...
  • Page 66: Configuring Multiple Ldap Servers For Failover

    LdapLogin {
        com.sun.security.auth.module.LdapLoginModule required
        userProvider="ldap://137.65.151.12:636/DC=Test-AD,DC=provo,DC=novell,DC=com"
        authIdentity="{USERNAME}@Test-AD.provo.novell.com"
        userFilter="(&(sAMAccountName={USERNAME})(objectclass=user))"
        useSSL=true;
    };
    4 Restart the Sentinel service:
        /etc/init.d/sentinel stop
        /etc/init.d/sentinel start
    You have successfully configured the Sentinel 6.1 server for LDAP authentication, and now you can create Sentinel LDAP user accounts in the Sentinel Control Center. For more information on creating LDAP user accounts, see “Creating an LDAP User Account for...
  • Page 67 8 Ensure that you set the necessary ownership and permissions of the certificate file for each failover LDAP server. Windows: Not applicable. Linux/Solaris: Run the following commands:
        chown esecadm:esec <Install_Directory>/config/<cert-file>
        chmod 700 <Install_Directory>/config/<cert-file>
    9 Add each failover LDAP server certificate to the keystore ldap_server.keystore that is created in Step 9 in section “Configuring the Sentinel 6.1 Server for LDAP Authentication”...
  • Page 68: Migrating Ldap User Accounts From Sentinel 6.1 Sp1 Hotfix 2 To Sentinel 6.1 Sp2

        "$ESEC_HOME/jre/bin/java" $MEMORY -Dcom.esecurity.configurationfile=$ESEC_CONF_FILE -Desecurity.cache.directory="$ESEC_HOME/data/control_center.cache" -Desecurity.communication.service="sentinel_client" -Dfile.encoding=UTF8 -Desecurity.dataobjects.config.file="/xml/BaseMetaData.xml,/xml/WorkflowMetaData.xml,/xml/ActMetaData.xml" -Djava.util.logging.config.file="$ESEC_HOME/config/control_center_log.prop" -Djava.security.auth.login.config="$ESEC_HOME/config/auth.login" $SENTINEL_LANG_PROP $SENTINEL_CTRY_PROP -Dice.pilots.html4.baseFontFamily="Arial Unicode MS" -Desecurity.remote.timeout=60 -jar ../lib/console.jar
    solution_designer.sh:
        "$ESEC_HOME/jre/bin/java" -classpath $LOCAL_CLASSPATH $MEMORY -Dcom.esecurity.configurationfile="$ESEC_CONF_FILE" -Dsentinel.installer.jar.location="$ESEC_HOME/lib/contentinstaller.jar" -Desecurity.communication.service="sentinel_client" -Dfile.encoding=UTF8 -Desecurity.dataobjects.config.file="/xml/BaseMetaData.xml,/xml/WorkflowMetaData.xml,/xml/ActMetaData.xml"...
  • Page 69: Updating The License Key

    3.11 Updating the License Key If you purchase the product after evaluation, follow the procedure given below to update your license key in the system to avoid re-installation.
      • Section 3.11.1, “Unix,” on page 69
      • Section 3.11.2, “Windows,” on page 69 ...
  • Page 70 Sentinel 6.1 Installation Guide...
  • Page 71: Testing The Installation

    If any of these tests fail, review the installation log and other log files, and contact Novell Technical Support (http://support.novell.com/phone.html?sourceidint=suplnav4_phonesup), if necessary. To test the installation: 1 Start the Sentinel Control Center: Windows: Double-click the Sentinel Control Center icon on the desktop.
  • Page 72 3 Click the Event Source Management menu, and select Live View. 4 In the Graphical view, right-click 5 eps event source and select Start. 5 Close the Event Source Management Live View window. 6 Click the Active Views tab. The Active window titled PUBLIC: High_Severity, Severity. The collector might take some time to start and send the data to get displayed in the Active View window.
  • Page 73 12 Hold down the Ctrl or Shift key, and select multiple events from the Historical Event Query window. 13 Right-click and select Create Incident. 14 Enter a name for the incident TestIncident1 and click Create. A success notification displays. 15 Click OK. 16 Click the Incident tab.
  • Page 74 17 Double-click the incident to display. 18 Click File > Exit or click the X button on the upper right corner of the window to close the Incident window. 19 Click the Analysis tab. The Analysis Navigator window with the folder is displayed.
  • Page 75 23 To view the next batch of events, click More. 24 Rearrange the columns by dragging and dropping them, and sort the events as required by clicking the respective column heading. When the query is complete, it gets added to the list of quick queries in the Navigator. 25 Click the Correlation tab.
  • Page 76 28 Use the drop-down menus to set the criteria to Severity 4. Click Next. The Update Criteria window is displayed. 29 Select Do not perform actions every time this rule fires for the next and set the time period to 1 Minute using the drop-down menu.
  • Page 77 30 Enter a name and description for the rule, and click Next. 31 Select No, do not create another rule and click Next. 32 Create an action to associate the rule that you have created: 32a Perform either of the following: ...
  • Page 78 32b In the Configure Action window, specify the following:
      • Specify the action name. For example, CorrelatedEvent Action.
      • Select Configure Correlated Event from the Action drop-down list.
      • Set the Event Options.
      • Set the Severity to 5.
      • Specify the EventName. For example, CorrelatedEvent. ...
  • Page 79: Clean Up From Testing

    42 Click each tab to verify that you can access them. 43 Close Sentinel Data Manager. If you were able to proceed through all of these steps without errors, you have completed a basic verification of the Sentinel system installation. 4.2 Clean Up from Testing After completing the system verification, you should remove the objects that were created for the tests.
  • Page 80: Getting Started

    9 Close the Event Source Management window. 10 Click the Incidents tab. 11 Open the Incident View Manager. 12 Select TestIncident1, right-click and select Delete. 4.3 Getting Started To get started with real data, import and configure the Collectors that are appropriate for your environment, configure your own rules, build iTRAC workflows, and so on.
  • Page 81: Adding Sentinel Components

    Adding Sentinel Components
      • Section 5.1, “Adding Sentinel Components to an Existing Installation,” on page 81
      • Section 5.2, “Installing Additional Load Balancing Nodes,” on page 81
    5.1 Adding Sentinel Components to an Existing Installation It might be necessary, at times, to install additional Sentinel components on a machine that already has a Sentinel installation.
  • Page 82: Multiple Das_Binary Processes

    DAS_Binary has fully utilized the CPU. DAS_Binary is the process that manages event insertion into the database, and the highest event rates Novell has achieved in internal testing were with multiple DAS_Binary processes. For more information on the Sentinel 6.1 performance test results, see the...
  • Page 83 for the following process entries: DAS_RT  DAS_Aggregation   DAS_Query DAS_ITRAC  3c The secondary Sentinel service should be used. Therefore, the in the sentinel.conf directory must be modified by uncommenting the following line by ESEC_HOME/config removing the # character from the beginning of the line: wrapper.app.parameter.1=../config/sentinel.xml and commenting out the following line by inserting the # character at the beginning of the line:...
  • Page 84 <obj-component id="EventStoreDispatchManager"> <class>esecurity.ccs.comp.dispatcher.CommDispatcherManager</class> <property name="esecurity.communication.service">DAS_Binary_EventStore</ property> <property name="dependencies">DAS_Query</property> <property name="handler:esecurity.event.create">esecurity.ccs.cracker.EventCracker@ ewizard_binary_event,correlation_binary_event,database_binary_event,datab ase_tagged_event,correlation_binary_event_update</property> <obj-component id="DispatcherStatsService"> <class>esecurity.ccs.comp.dispatcher.stats.DispatcherStatsManager</class> <property name="ReportIntervals">900,3600,14400,86400</property> <property name="MinLogReportInterval">900</property> <property name="MinPublishReportInterval">86400</property> <property name="ReportByServiceName">true</property> <property name="ReportByMethodName">true</property> <obj-component-ref> <name>EventPublisher</name> <ref-id>DispatchManager</ref-id> </obj-component-ref> <obj-component-ref> <name>DispatchManager</name> <ref-id>DispatchManager</ref-id> </obj-component-ref> </obj-component> </obj-component> Here is a sample excerpt from the file showing the EventStoreService das_binary.xml component:...
  • Page 85

    <obj-component id="EventStoreService">
      <class>esecurity.ccs.comp.event.EventStoreService</class>
      <property name="handler">esecurity.event.create</property>
      <property name="waitBlocked">true</property>
      <property name="maxThreads">6</property>
      <property name="minThreads">6</property>
      <property name="maxThreadsQueued">10</property>
      <property name="queueSize">1000000</property>
      <obj-component-ref>
        <name>ThreadPool</name>
        <ref-id>EventStoreThreadPool</ref-id>
      </obj-component-ref>
      <obj-component-ref>
        <name>DispatchManager</name>
        <ref-id>EventStoreDispatchManager</ref-id>
      </obj-component-ref>
      <obj-component id="Persistor">
        <class>esecurity.ccs.comp.event.jdbc.JDBCEventStore</class>
        <property name="insert.batchsize">600</property>
        <property name="insert.strategy">esecurity.ccs.comp.event.jdbc.JDBCLoadStrategy</property>
        <property name="insert.oci.workerCount">5</property>
        <property name="insert.oci.queueWaitTime">1</property>
        <property name="insert.oci.highWatermark">10000000</property>
        <property name="insert.oci.lowWatermark">9000000</property>
        <property name="insert.oci.optimizationFlag">on</property>
        <property name="insert.pmaxWarningTime">300</property>...
  • Page 86 Options Description User Name Leave as default Password Leave as default 6d In the management console, select Manage tab >Containers > esecContainer > esecBroker >Durable Subscriptions. 6e Select the first empty row in the Users & Groups table on the right side of the GUI. When you select the empty row at top of this table, view the details of the DAS_Binary durable subscriptions below the empty row.
  • Page 87 copies of the DAS_Binary service entry. Delete the uuid attribute for each of the service entries (the uuid attribute will automatically be regenerated when Sentinel is started). The following is an example of one DAS_Binary service entry. <service name="DAS_Binary" plugins="" strategyid="sentinel_client" uuid="4DA52BE0-E7A4-1029-BB2F-00132168CBDF"/>...
  • Page 88 process component="DAS" depends="UNIX Communication Server,Windows Communication Server" image="&quot;$(ESEC_JAVA_HOME)/java&quot; -server -Dsrv_name=DAS_Binary -Xmx160m -Xms64m -XX:+UseParallelGC -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=../log/DAS_Binary.hprof -Xss136k -Xrs -Desecurity.communication.service=DAS_Binary -Duser.language=en -Djava.net.preferIPv4Stack=true -Dfile.encoding=UTF8 -Desecurity.cache.directory=../data/das_binary.cache -Desecurity.dataobjects.config.file=/xml/BaseMetaData.xml -Djava.util.logging.config.file=../config/das_binary_log.prop -Dcom.esecurity.configurationfile=../config/configuration.xml -Djava.security.auth.login.config=../config/auth.login -Djava.security.krb5.conf=../config/krb5.conf -jar ../lib/ccsbase.jar ..//config//das_binary.xml"...
  • Page 89 11 Locate the das_binary_log.prop file in the $ESEC_HOME/config (%ESEC_HOME%\config on Windows) directory. 12 Create a copy of the das_binary_log.prop file for each instance of DAS_Binary you want to run. For example, to run two instances of DAS_Binary, create two copies of das_binary_log.prop 13 Rename the files to match the names selected in step 5.
  • Page 90 When you select the empty row at top of this table, view the details of the DAS_Binary durable subscriptions below the empty row. 14f Select all durable subscriptions, right click, and then select Delete. 15 Restart the Sentinel services to activate your changes. UNIX: $ESEC_HOME/bin/sentinel.sh restart Windows: Restart the Sentinel service using the Windows Service Manager.
  • Page 91: Communication Layer (Iscale)

    Communication Layer (iSCALE) Section 6.1, “SSL Proxy and Direct Communication,” on page 92; Section 6.2, “Changing the Communication Encryption Key,” on page 94; Section 6.3, “Increasing AES Key Strength,” on page 95. The communication layer (iSCALE) connecting all components of the architecture is an encrypted TCP/IP based connection built on a JMS (Java Messaging Service) backbone.
  • Page 92: Ssl Proxy And Direct Communication

    6.1 SSL Proxy and Direct Communication The Sentinel components that might use the SSL proxy are the Sentinel Control Center and the Collector Manager. 6.1.1 Sentinel Control Center The Sentinel Control Center uses the SSL proxy by default. The Sentinel Control Center connects to SSL through the port.
  • Page 93: Collector Manager

    5 If you select Accept, this message displays every time you try to open Sentinel on your system. To avoid this, you can select Accept permanently. To Start the Sentinel Control Center on Linux and Solaris: 1 As the Sentinel Administrator User (esecadm), change directory to: $ESEC_HOME/bin 2 Run the following command: control_center.sh...
  • Page 94: Changing The Communication Encryption Key

    <service name="Sentinel" plugins="" strategyid="proxied_trusted_client"/> 4 Save the file and exit. 5 Run file if on UNIX). You will %ESEC_HOME%\bin\register_trusted_client.bat see output similar to this: E:\Program Files\novell\sentinel6>bin\register_trusted_client.bat Please review the following server certificate: Type: X.509 Issued To: foo.bar.net Issued By: foo.bar.net Fingerprint (MD5): A8:DF:BA:B2:F3:21:C9:27:28:48:13:B3:FE:F8:B4:AD...
  • Page 95: Increasing Aes Key Strength

    NOTE: The .keystore file is not necessary on the database machine if the database is the only Sentinel component installed on that machine. It is also not necessary on machines with only the Sentinel Control Center, Collector Builder, Sentinel Data Manager, or Collector Manager (using a proxy) installed.
  • Page 96 NOTE: It is highly recommended that you review the “Understanding the Export/Import Issues” section of the Java Readme.txt file before enabling 256-bit encryption. To configure AES 256-bit encryption: 1 Download Unlimited Encryption policies from Sun (http://java.sun.com/javase/downloads/index_jdk5.jsp). In the Other Downloads section, download “Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 5.0”.
  • Page 97: Crystal Reports For Windows

    Crystal Reports for Windows Section 7.10, “Using Crystal Reports,” on page 124. Business Objects Crystal Reports Server is the reporting tool used with Sentinel. This section discusses the installation and configuration of Crystal Reports Server for Sentinel on Windows platform. For more information on supported platforms for Crystal Reports Server in a Sentinel environment, see Chapter 2, “System Requirements,”...
  • Page 98: System Requirements

    7.2 System Requirements Windows Server 2003 SP1 with an NTFS-formatted partition, with IIS (Microsoft Internet Information Server) and ASP.NET installed. Sentinel does not support Crystal XI R2 on Windows Server 2000. .NET Framework 1.1 or 2.0 is installed by default on Windows Server 2003. To determine...
  • Page 99: Installation Overview

    Set Data Execution Prevention (DEP) to run on essential Windows programs and services only. 1. Go to Control Panel > System > Advanced tab > Performance Settings > Data Execution Prevention. 2. Select Turn on DEP for essential Windows programs and services only. NOTE: This is required to avoid Error 1920.
  • Page 100: Installation Overview Of Crystal Reports Server With Sql Server 2005

    4 Install Crystal Reports Server: Configuring Open Database Connectivity (ODBC); Installing and configuring Oracle Client Software 5 Configure inetmgr 6 Patch Crystal Reports. 7 Publish (import) Crystal Reports. 8 Set a named user account. 9 Test the connectivity to the Web server. 10 Increase the Crystal Reports Server report refresh record limit (recommended) 11 Configure Sentinel Control Center to integrate with Crystal Reports Server.
  • Page 101: Installation Overview Of Crystal Reports Server With Oracle

    7 Create a Crystal Web page. For more information, see Section 7.8.5, “Configuring Report Permissions and Testing Connectivity,” on page 119. 8 Configure Sentinel for Crystal Reports Server. For more information, see Section 7.8.7, “Configuring the Sentinel Control Center to Integrate with Crystal Reports Server,” on page 121.
  • Page 102: Installing Microsoft Internet Information Server (Iis) And Asp.net

    7.5.1 Installing Microsoft Internet Information Server (IIS) and ASP.NET If the IIS and ASP.NET are not installed on your Sentinel 6.1 server, use the following procedure to install. You might need the Windows Server 2003 installation CD to add these Windows components.
  • Page 103 9 Select the Crystal Reports setup language. 10 In the Select Client or Server Installation window, select Perform Server Installation. 11 Specify the Crystal license key that you received from the Novell Customer Center (https://secure-www.novell.com/center/regadmin). Novell® provides two Crystal license keys, one for Crystal Reports Server and the other for the Crystal Reports Developer (to modify or create new reports).
  • Page 104 15 Click the Machine Data Source tab, then click New. 16 Select System Data Source, then click Next. 17 Scroll down and select SQL Server, then click Next. A new source displays. 18 Click Finish. 19 Right-click Databases, then select Create New Database. 20 In the New Data Source to SQL Server window, specify the name of your data source (for example, BOE115) and an optional description.
  • Page 105 The Login ID that is displayed in this window is your Windows login name. 23 Select the Change the default database to check box. Change your default database to BOE115, then click Next. 24 In the Create a New Data Source to SQL Server window, click Finish. 25 Click Test Data Source and test the data source.
  • Page 106: Installing Crystal Reports Server For Microsoft Sql Server 2005 With Sql Authentication

    28d In the Log On As pane, deselect the System Account, specify the Sentinel Report User domain account username and password that was used for the Sentinel Report User during your Sentinel install, then click OK. 29 Right-click Crystal Reports Page Server, then click start. 7.5.3 Installing Crystal Reports Server for Microsoft SQL Server 2005 with SQL Authentication 1 Complete...
  • Page 107 3 Specify the Login ID as and specify a password, then click Next. 4 Select Change the default database to. Change your default database to BOE115, then click Next. 5 In the Create a New Data Source to SQL Server window, click Finish. 6 Click Test Data Source, then click OK.
  • Page 108 5 Click Next. 6 Select how SQL Server should verify the authenticity of the login ID: For Windows NT Authentication: Select With Windows NT authentication using the network Login ID The Login ID that is displayed in this window is your Windows login name. For SQL Authentication: Select With SQL Server authentication using a login ID and password entered by the user, specify the Login ID as , then provide a password.
  • Page 109: Installing Crystal Reports Server For Oracle

    9 Click Next, then click Finish. 10 Click Test Data Source. After testing, click OK until you exit. 7.5.4 Installing Crystal Reports Server for Oracle 1 Insert the Crystal Reports XI R2 Server CD into the CD-ROM drive. 2 Select the Crystal Reports setup language. 3 In the Select Client or Server Installation window, select Perform Server Installation.
  • Page 110 5 Select SQL Server (ODBC), then click Browse to select a DSN. 6 After you select a DSN, you are prompted for a username and password. Specify the required information and click Next. Crystal Reports Server and Microsoft SQL Server 2005 must reside on the same machine. 7 Select IIS ASP.NET.
  • Page 111 The Crystal Reports Server supports direct access to a Sentinel database on Oracle. This accessibility is provided by the crdb_oracle.dll translation file. This file communicates with the Oracle database driver, which works directly with Oracle databases and clients, retrieving the data you need for your report. Installing and Configuring Oracle Client Software NOTE: In order for Crystal Reports Server to use Oracle databases, the Oracle client software must be installed on your system, and the location of the Oracle client must be in the...
  • Page 112: Downloading The Service Packs For Crystal Reports

    Server. The hosts file is located at %SystemRoot%\system32\drivers\etc\ 12 Click Close, then click Finish. 7.6 Downloading the Service Packs for Crystal Reports 1 Go to the Novell download Web site (http://download.novell.com). 2 Select SIEM/Sentinel from the Product/Technology list. 3 Specify as the keyword, then click Search.
  • Page 113: Patching Crystal Reports

    Solution Manager, several Crystal Enterprise files need to be updated to make them compatible with the browser. The following table lists those files and describes the purpose of each file. These files can be found on the Sentinel 6.1 content Web pages (http://support.novell.com/products/sentinel/sentinel61.html). Table 7-1 Crystal Enterprise Files...
  • Page 114 1 Download the Sentinel report patches from the Sentinel 6 content Web pages (http://support.novell.com/products/sentinel/sentinel61.html). 2 In the patch directory of Sentinel Reports Distribution, copy the following files:...
  • Page 115: Publishing Crystal Report Templates

    7.8 Publishing Crystal Report Templates Many report templates have been created by Novell for use in the Analysis and Advisor tabs of the Sentinel Control Center. The most recent reports can be downloaded from the...
  • Page 116: Using The Solution Manager To Publish Report Templates

    Reports Server. To configure the system, you must download the Sentinel Core Solution Pack, available in the Solution Packs tab at Sentinel 6.1 Content Web site (http://support.novell.com/products/sentinel/secure/sentinel61.html). The Sentinel Core Solution Pack includes auxiliary files that must be applied to both the Web server and the Crystal Reports server.
  • Page 117 NOTE: If you want to publish your report templates again, delete your previous import of the report templates. 1 Click Start > Programs > BusinessObjects > Crystal Reports Server > Publishing Wizard, then click Next and log in. System should be the hostname of the machine where Crystal is installed, and Authentication should be .
  • Page 118: Using The Central Management Console To Publish Report Templates

    11 Click Next. After you click Next, only the first report displays in the category. 12 In the Specify Schedule window, ensure that Let users update the object is selected, then click Next. 13 In the Specify Repository Refresh window, click Enable All to enable repository refresh, then click Next.
  • Page 119: Setting A Named User Account

    Internal Events; Security Events; Top 10. 9 Click Home > Objects > New Object. 10 On left side of the page, select Report. 11 Click Browse and browse to the location of the report templates you want to add. Pick a folder and select a report.
  • Page 120: Disabling The Sentinel Top 10 Reports

    If you see an HTTP 404- File or Directory not found error when you launch the .NET Administration Launchpad, see http://support.microsoft.com/kb/315122 for resolution. 2 Click Central Management Console. The System Name should be your host computer name. The Authentication Type should be Enterprise 3 Specify as the User Name.
  • Page 121: Configuring The Sentinel Control Center To Integrate With Crystal Reports Server

    Turning Off Aggregation 1 Log in to Sentinel Control Center. 2 Click Admin, then click Reporting Data. 3 Disable the following summaries: EventDestSummary, EventSevSummary, EventSrcSummary 4 In the Status column, click Active until it changes to InActive. Disabling EventFileRedirectService 1 At your DAS machine, using the text editor, open the following file: For UNIX:...
  • Page 122: High-Performance Configurations For Crystal

    <hostname_or_IP_of_web_server> must be replaced with the IP address or hostname of Crystal Reports Server. The URL does not work as expected if the Automated Process Scheduler (APS) is set to the IP address. It must be the host name of Crystal Reports Server. 4 Click Refresh, which is next to the Analysis URL field.
  • Page 123: Using The Aggregration Service For Reports

    Using the Central Management Console to reconfigure the Crystal Page Server 1 Click Start > All Programs > BusinessObjects 11 > Crystal Reports Server > .Net Administration Launchpad. Alternatively, open a Web browser and provide the following URL: http://<DNS name or IP address of your web server>:<port number>/businessobjects/enterprise11/adminlaunch/default.aspx 2 Click Central Management Console.
  • Page 124: Report Development

    To reduce processing overhead on the Crystal server, minimize the amount of data to retrieve to the Crystal server. Always write reports against the database views provided by Novell, instead of writing reports against the base tables. 7.10 Using Crystal Reports For more information on using Crystal Reports Server for Sentinel Reporting, see “Crystal Report...
  • Page 125: Crystal Reports For Linux

    Crystal Reports for Linux Business Objects Crystal Reports Server is the reporting tool used with Sentinel. This section discusses the installation and configuration of Crystal Reports Server for Sentinel on Linux platform. For more information on supported platforms for Crystal Reports Server in a Sentinel environment, see Chapter 2, “System Requirements,”...
  • Page 126: Overview

    8 Configuring Sentinel Control Center to Integrate with Crystal Reports Server 8.1 Overview Crystal Report Server requires a database to store information about the system and its users. This database is known as the Central Management Server (CMS) database. The CMS is a server that stores information about the Crystal Reports Server system.
  • Page 127: Pre-Install Crystal Reports Server

    8.2.1 Pre-Install Crystal Reports Server XI R2 To Pre-Install Crystal Reports Server: 1 If the Sentinel Database is not on the same machine as the Crystal Reports Server, then you must install the Oracle Client software on the Crystal Reports Server machine. This additional step is not needed if the Sentinel Database is on the same machine as the Crystal Reports Server because in this case the required Oracle software is already installed during the Oracle database installation.
  • Page 128 export LD_LIBRARY_PATH=$ORACLE_HOME/lib:$LD_LIBRARY_PATH 12 The PATH environment variable in the crystal user’s environment must contain the path to the Oracle software executables. To do this, modify the crystal user's script to set the PATH environment variable to include the Oracle software executables. For example, if the crystal user's shell is bash, then open the ~crystal/.bash_profile file and add the following line to...
  • Page 129: Installing Crystal Reports Server Xir2

    8.2.2 Installing Crystal Reports Server XIR2 The Crystal Reports Server installer consists of two .iso files. During the installation, you will be prompted for the location of the second disk. To Install Crystal Reports Server: 1 Log in as crystal user. 2 Change directories into disk1 of the Crystal installer.
  • Page 130: Patching Crystal Reports

    Solution Manager, several Crystal Enterprise files need to be updated to make them compatible with the browser. The following table lists those files and describes the purpose of each file. These files can be found on the Sentinel 6.1 content Web pages (http://support.novell.com/products/sentinel/sentinel61.html). Table 8-1 Crystal Enterprise Files...
  • Page 131: Downloading The Service Packs For Crystal Reports

    7 Restart the Web Server and Crystal Server. 8.3 Downloading the Service Packs for Crystal Reports 1 Go to the Novell download Web site (http://download.novell.com). 2 Select SIEM/Sentinel from the Product/Technology list. 3 Specify as the keyword, then click Search.
  • Page 132: Publishing Report Templates Using Solution Manager

    Many report templates are created by Novell for use in the Sentinel Control Center Analysis tab and Advisor tab. The most recent reports can be downloaded from the Sentinel 6.1 Content Web site (http://support.novell.com/products/sentinel/sentinel61.html). The core set of Sentinel reports are distributed in the Sentinel Core Solution Pack.
  • Page 133: Publishing Report Templates - Crystal Publishing Wizard

    Figure 8-1 Core Solution Pack in Solution Manager Showing Crystal Auxiliary Files 8.4.2 Publishing Report Templates – Crystal Publishing Wizard Sentinel reports are now distributed using Solution Packs, but this method can be used to publish report templates that are from a source other than a Solution Pack. NOTE: A Windows platform is required to run Crystal Publishing Wizard.
  • Page 134 NOTE: Publishing reports under user Administrator allows all users access to the reports. 3 Click Add Folder. [Optional] Click Include Subfolders. 4 Navigate to the location of the report template(s). Click OK. Click Next. 5 In the Specify Location window, click New Folder (upper right corner) and create a folder called SentinelReports (if it does not already exist).
  • Page 135: Publishing Report Templates - Central Management Console

    9 In the Specify Schedule window, click Let users update the object (this should be default). Click Next. 10 In the Specify Repository Refresh window, click Enable All to enable repository refresh. Click Next. 11 In the Specify Keep Saved Data window, click Enable All to keep saved data when publishing reports.
  • Page 136: Using The Crystal Xi R2 Web Server

    11 Click Browse and browse to the location of the report templates you want to add. Pick a folder and select a report. 12 Highlight SentinelReports, click Show Subfolders. 13 Select the appropriate folder for the report, click Show Subfolders. 14 Click Submit.
  • Page 137: Configuring Reports Permissions

    8.5.3 Configuring Reports Permissions This procedure discusses how to use the Administration Launchpad to configure the permissions on reports to allow you to view and modify reports on demand. To Configure Reports Permissions: 1 Open a Web browser and provide the following URL: http://<hostname_or_IP_of_web_server>:<web_server_port_default_8080>/businessobjects/enterprise115/adminlaunch 2 Click Central Management Console.
  • Page 138: Configuring Sentinel Control Center To Integrate With Crystal Reports Server

    8.7 Configuring Sentinel Control Center to Integrate with Crystal Reports Server The Sentinel Control Center can be configured to integrate with the Crystal Reports Server, allowing you to view Crystal Reports from within Sentinel Control Center. To enable Sentinel Control Center integration with Crystal Reports Server, follow the instructions below.
  • Page 139: Utilities And Troubleshooting

    7 Logout and log back in to the Sentinel Control Center. The Crystal Reports trees in the Analysis and Advisor (if Advisor is installed) tabs should now display in the Navigator window. 8.8 Utilities and Troubleshooting 8.8.1 Starting MySQL To make sure MySQL is running: 1 Login as crystal user.
  • Page 140: High-Performance Configurations For Crystal

    To Troubleshoot CMS connection failure: 1 If the command netstat -an | grep 6400 does not return any results, try the following: Provide MySQL connection information again: 1. Login as crystal user 2. cd /opt/crystal_xir2/bobje 3. ./cmsdbsetup.sh 4. Press Enter when ] displays.
  • Page 141: Reports Using Aggregation Service

    maxDBResultRecords <value greater than 20000 or 0 to disable the default limit> 5 Restart Crystal Page Server. To Reconfigure the Crystal Page Server through the Central Management Console: 1 Click Start > All Programs > BusinessObjects 11 > Crystal Reports Server > .Net Administration Launchpad.
  • Page 142: Using Crystal Reports

    To reduce processing overhead in Crystal Server, minimize the amount of data to retrieve to the Crystal Server. Always write reports against the database views provided by Novell instead of writing reports against the base tables. 8.10 Using Crystal Reports For more information on using Crystal Reports Server for Sentinel Reporting, see “Crystal Report...
  • Page 143: Uninstalling Sentinel

    Uninstalling Sentinel Section 9.1, “Uninstalling Sentinel,” on page 143; Section 9.2, “Post-Uninstall,” on page 144. To remove a Sentinel installation, uninstallers are provided for Linux, Solaris, and Windows. Several files, including log files, are preserved and can be manually removed if desired. Before performing a new installation, it is highly recommended that you perform all of the following steps to ensure there are no files or system settings remaining from a previous installation.
  • Page 144: Uninstall For Windows

    Delete only the database objects: Removes the contents of the database except for the esecdba user. The database instance can then be repopulated using the Sentinel installer. This option does not free up disk space. 10 If you selected to Delete only the database objects, you will be prompted to provide the esecdba password.
  • Page 145: Sentinel Settings

    To Manually Cleanup Sentinel on Linux: 1 Login as root. 2 Ensure that all Sentinel processes are stopped. 3 Remove contents of /opt/novell/sentinel6 (or wherever the Sentinel software was installed). 4 Remove Sentinel Service startup files: On SLES: chkconfig --del sentinel On RedHat: rm /etc/rc.d/rc0.d/K02sentinel...
  • Page 146 To Manually Cleanup Sentinel on Solaris: 1 Login as root. 2 Ensure that no Sentinel processes are running. 3 Remove contents of /opt/novell/sentinel6 (or wherever the Sentinel software was installed). 4 Remove the following files in the /etc/rc0.d directory, if they exist: K01wizard...
  • Page 147 8 Make sure nobody is logged in as Sentinel Administrator operating system user, then remove the user (and home dir) and esec group. Run: userdel -r esecadm Run: groupdel esec 9 Remove InstallShield section of /etc/profile and /etc/.login. 10 Remove the /InstallShield directory, if one exists.
  • Page 148 To Manually Cleanup Sentinel on Windows: 1 Delete the folder %CommonProgramFiles%\InstallShield\Universal and all of its contents. 2 Delete the %ESEC_HOME% folder (by default: C:\Program Files\Novell\Sentinel6). 3 Right-click My Computer > Properties > Advanced tab. 4 Click the Environment Variables button.
  • Page 149 2 Expand the SQL Server Agent > Jobs tree and remove the Sentinel jobs. 3 Expand the Databases tree and locate your Sentinel database. There should be a Sentinel database (by default called ESEC) and an iTRAC database (by default called ESEC_WF). Right-click each and select Delete.
  • Page 151 Answering these questions can be helpful in planning your own installation or preparing for consultants to install your Sentinel system. Pre-Install Questions 1 What is your goal or purpose of using Novell Sentinel? 1a Compliance 1b Security Event Management 1c Other_________________________________________...
  • Page 152 6 What reports do you want out of the system? This is important to ensure that your Collectors collect the correct data to be passed to the Sentinel database. 6a _______________________________________________________ 6b _______________________________________________________ 6c _______________________________________________________ 6d _______________________________________________________ 6e _______________________________________________________ 6f _______________________________________________________ 7 What source devices do you want to collect data from (IDS, HIDS, Routers, Firewalls and so on), event rate (EPS –...
  • Page 153: B.1 Installing Oracle 11G

    Oracle Setup Section B.1, “Installing Oracle 11g,” on page 153; Section B.2, “Upgrading the Database from Oracle 10g to Oracle 11g,” on page 160; Section B.3, “Installing Oracle 10g,” on page 161; Section B.4, “Manual Oracle Instance Creation (Optional),” on page 164...
  • Page 154 5 Change the default Oracle environment settings set by orarun, if required: 5a Change the Oracle home directory by editing the ORACLE_HOME variable in the /etc/profile.d/oracle.sh file. 5b The default ORACLE_SID value is set to orcl. Change it to ESEC in the /etc/profile.d/ file.
  • Page 155: B.1.2 Oracle 11G Installation On Sles 10

    12 From the Installation types, select Enterprise Edition, then click Next. 13 Review your selections, then click Install. 14 Execute the specified scripts as the root user and click OK on completion. 15 After the installation is complete, click Exit. B.1.2 Oracle 11g Installation on SLES 10 1 Follow the installation instructions provided in the SLES 10 installation manual.
  • Page 156: B.1.3 Oracle 11G Installation On Red Hat Linux 4

    8 Ensure that the packages are installed correctly by using the following command: rpm -q <package_name> List of packages: binutils-2.16.91.0.5 compat-libstdc++-5.0.7 glibc-2.4-31.2 glibc-devel-2.4-31.2 gcc-4.1.0 ksh-93r-12.9 libaio-0.3.104 libaio-devel-0.3.104 libelf-0.8.5 libgcc-4.1.0 libstdc++-4.1.0 libstdc++-devel-4.1.0 make-3.80 sysstat-6.0.2 unixODBC-2.2.11 unixODBC-devel-2.2.11 9 Change to the oracle user: su - oracle 10 Change to database directory, then run ./runinstaller...
  • Page 157 binutils-2.15.92.0.2-18 compat-libstdc++-33.2.3-47.3 elfutils-libelf-0.97-5 elfutils-libelf-devel-0.97-5 glibc-2.3.9.4-2.19 glibc-common-2.3.9.4-2.19 glibc-devel-2.3.9.4-2.19 gcc-3.4.5-2 gcc-c++-3.4.5-2 libaio-devel-0.3.105-2 libaio-0.3.105-2 libgcc-3.4.5 libstdc++-3.4.5-2 libstdc++-devel-3.4.5-2 make-3.80-5 sysstat-5.0.5 unixODBC-2.2.11 unixODBC-devel-2.2.11 4 Create a UNIX group and UNIX user account for the Oracle database owner by using the following commands: Add dba group (as root groupadd oinstall groupadd dba...
  • Page 158: B.1.4 Oracle 11G Installation On Solaris 10

    9 Run the .bash_profile to set the environment variables, and check the values by using the following command: set | more 10 If you are using X emulation, set the DISPLAY environmental variable: DISPLAY=<machine-name>:0.0; export DISPLAY 11 Change to database directory, then run the following script: ./runInstaller 12 When you proceed through the installation, leave all the prompts with their default values except the ones specified below:...
  • Page 159 groupadd oinstall groupadd dba 5 Add an Oracle user (as root): useradd -g oinstall -G dba -d /opt/oracle/product/<10.2.0.3>/db_1 -m oracle passwd oracle 6 Change to the oracle user: su - oracle 7 Create directories for ORACLE_HOME and ORACLE_BASE 8 Open the .bash_profile file (in the oracle user home directory) for editing, and append the following:...
  • Page 160: B.2 Upgrading The Database From Oracle 10G To Oracle 11G

    12e In the Summary window, review the install summary, then click Install. 12f In the End of Installation window, click Exit. B.2 Upgrading the Database from Oracle 10g to Oracle 11g NOTE: There are several methods to upgrade the database from Oracle 10g to Oracle 11g. This section provides instructions on upgrading the database manually.
  • Page 161: B.3 Installing Oracle 10G

    SQL>select comp_name,version,status from dba_registry 15 Copy the tnsnames.ora, listener.ora, and sqlnet.ora files from the Oracle 10g source ORACLE_HOME to the Oracle 11g ORACLE_HOME. 16 Shut down the database and start the database, database listener, Sentinel, and all other services. B.3 Installing Oracle 10g Section B.3.1, “Oracle 10g Installation on SLES 10,”...
  • Page 162: B.3.2 Oracle 10G Installation On Red Hat Linux 4

    11 From the Installation types, select Enterprise Edition, then click Next. 12 For checking Network configuration requirements, select User Verified, then click. 13 From the Configuration options, select Install Database Software only, then click Next. The Installation summary is displayed. 14 Review the selections, then click Install.
  • Page 163
      # User specific environment and startup programs
      ORACLE_BASE=/opt/oracle; export ORACLE_BASE
      ORACLE_HOME=$ORACLE_BASE/product/10.2.0/db_1; export ORACLE_HOME
      ORACLE_TERM=xterm; export ORACLE_TERM
      PATH=$ORACLE_HOME/bin:$PATH; export PATH
      ORACLE_SID=oracle; export ORACLE_SID
      LD_LIBRARY_PATH=$ORACLE_HOME/lib; export LD_LIBRARY_PATH
      CLASSPATH=$ORACLE_HOME/jre:$ORACLE_HOME/jlib:$ORACLE_HOME/rdbms/jlib
      CLASSPATH=$CLASSPATH:$ORACLE_HOME/network/jlib; export CLASSPATH
      LD_ASSUME_KERNEL=2.4.19; export LD_ASSUME_KERNEL
      TMP=/tmp; export TMP
      TMPDIR=$TMP; export TMPDIR
      PATH=$PATH:$HOME/bin
      export PATH
      unset USERNAME
    IMPORTANT: This set of environment variables must only be used for the oracle user.
  • Page 164: B.3.3 Oracle 10G Installation On Solaris 10

    6 In the End of Installation window, click Exit.

    B.4 Manual Oracle Instance Creation (Optional)
    Novell recommends using the Sentinel installer to create the Oracle instance during the Sentinel database components installation. Sentinel 6.1 supports both dedicated server and shared server connection with Oracle.
  • Page 165
      Oracle 10g Parameters       Value
      db_cache_size               1 GB
      java_pool_size              33,554,432
      large_pool_size             8,388,608
      shared_pool_size            100 MB
      pga_aggregate_target        150,994,944
      sort_area_size              109,051,904
      open_cursors
      cursor_sharing              SIMILAR
      optimizer_index_caching
      optimizer_index_cost_adj
      nls_length_semantics        CHAR
      job_queue_processes
    3 Create Sentinel tablespaces. For more information, see Section C.1.2, “Creating the Sentinel Tablespaces,” on page 170.
  • Page 167: C.1 Configuring The Oracle Rac Database

    Sentinel with Oracle Real Application Clusters
    Sentinel 6.1 is certified to run on an Oracle database with Real Application Clusters (RAC). The supported Oracle database versions are Oracle 10g and Oracle 11g Release 2 (64-bit) with Real Application Clusters (RAC). In addition to the standard installation procedures for Sentinel, there are a few additional steps to install and configure Sentinel to use Oracle RAC:
    Section C.1, “Configuring the Oracle RAC Database,”...
  • Page 168
    4 To select all the nodes to create a cluster database, click Select All, then click Next.
    5 From the list of templates, select a template. By default, General Purpose is selected. Click Next.
    6 Specify the database name and SID (Oracle System Identifier), then click Next.
    7 Make sure the Configure the Database with Enterprise Manager option is selected, then click Next.
  • Page 169
    8 You can use the same passwords for all user accounts or you can use different passwords. Select your option and specify the passwords, then click Next.
    9 From the three storage mechanisms offered by the system (Cluster File System, Automatic Storage Management, and Raw Devices), select your option.
  • Page 170: C.1.2 Creating The Sentinel Tablespaces

    11 Retain the default selection in the Recovery options and Sample Schemas windows, then click Next. You can create a Database Service or you can create the service later by using DBCA.
    12 In the Database storage window, retain the default selection, then click Next.
    13 From the Database creation options, select Create Database, then click Finish.
  • Page 171: C.1.3 Creating The Sentinel Database User

      Tablespace    Minimum Recommended Size with Autoextend Enabled    Comments
      SENT_LOBS     100MB                                               Stores information about the database large objects

    This is the minimum value in a basic installation.
    This is the minimum value if the Sentinel installation is integrated with the identity management system enabled.
  • Page 172 You can run the Sentinel installer from any machine with the Oracle client installed, as long as the system has the proper Oracle environment variables set for the oracle user (ORACLE_HOME, ORACLE_BASE). If the machine is a Sentinel server, you can install the Sentinel components as mentioned in Step 9 on page...
  • Page 173: C.3 Configuring The Connection Properties File

    The following is a sample configuration for a service called OLTP with three nodes:
      driver=esecurity.base.db.driver.OracleProxyDriver
      dburl=jdbc:esecurity:oracleproxy:@
      realdriver=oracle.jdbc.driver.OracleDriver
      realdburl=jdbc:oracle:thin:@
      fatalvendorstates=28,600,1012,1014,1033,1034,1035,1089,1090,1092,1094,2396,3106,3111,3113,3114
      advancedconnectionstring=(DESCRIPTION= (ADDRESS= (PROTOCOL=TCP) (HOST=ca-sent1.novell.com) (PORT=1521)) (ADDRESS= (PROTOCOL=TCP) (HOST=ca-sent2.novell.com) (PORT=1521)) (ADDRESS= (PROTOCOL=TCP) (HOST=ca-sent3.novell.com) (PORT=1521)) (LOAD_BALANCE=yes) (CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=OLTP) (FAILOVER_MODE=(TYPE=SELECT)(METHOD=BASIC)(RETRIES=180) (DELAY=5))))
    NOTE: The entire advancedconnectionstring should be on a single line.
  • Page 174: C.4 Configuring The Connection For Sentinel Data Manager

      <process component="DAS"
               depends="UNIX Communication Server,Windows Communication Server"
               image="&quot;$(ESEC_JAVA_HOME)/java&quot; -server -Dsrv_name=DAS_Query -Xmx256m -Xms85m -XX:+UseParallelGC -Xss136k -Xrs -Duser.language=en -Dfile.encoding=UTF8 -Desecurity.dataobjects.config.file=/xml/BaseMetaData.xml,/xml/WorkflowMetaData.xml -Djava.util.logging.config.file=../config/das_query_log.prop -Djava.security.auth.login.config=../config/auth.login -Djava.security.krb5.conf=../config/krb5.conf -Desecurity.execution.config.file=../config/execution.properties -Dcom.esecurity.configurationfile=../config/configuration.xml -Desecurity.connect.config.file=../config/RACconnect.properties -jar ../lib/ccsbase.jar ..//config//das_query.xml"
               min_instances="1"
               name="DAS_Query"
               post_startup_delay="20"
               type="container"
               working_directory="$(ESEC_HOME)/data" />
    5 Restart the Sentinel services for the database connection changes to take effect.

    C.4 Configuring the Connection for Sentinel Data Manager
    value from the...
  • Page 175: Chapter 8, "Crystal Reports For Linux," On

      (ADDRESS = (PROTOCOL = TCP)(HOST = 10.0.0.2)(PORT = 1521))
      (ADDRESS = (PROTOCOL = TCP)(HOST = 10.0.0.3)(PORT = 1521))
      (LOAD_BALANCE = yes)
      (CONNECT_DATA =
        (SERVER = DEDICATED)
        (SERVICE_NAME = REPORT.novell.com)
        (FAILOVER_MODE =
          (TYPE = SELECT)
          (METHOD = BASIC)
          (RETRIES = 180)

This manual is also suitable for:

Sentinel 6.1 sp2
