Novell SENTINEL 6.1 SP2 - REFERENCE GUIDE 02-2010 Reference Manual page 190

Hide thumbs Also See for SENTINEL 6.1 SP2 - REFERENCE GUIDE 02-2010:

Installation manual (176 pages)

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

page of 232

/ 232
Contents
Table of Contents
Bookmarks

Table of Contents

2 Determine the nature of the problem.

Can it be reproduced? Can the steps to reproduce the problem be enumerated?



What user action, if any, will cause the problem?



Is the issue periodic in nature?

3 Determine the severity of this problem.

Is the system still useable?



4 Understand the environment and systems involved.

What platforms and product versions are involved?



Are there any non-standard or custom components involved?



Is it a high event rate environment?

What is the rate of events being collected?



What is the event rate of insertion into the database?



How many concurrent users are there?

Is Crystal reporting used? When are reports run?



Is correlation used? How many rules are deployed?



Collect configuration files, log files and system information from appropriate subdirectories in

$ESEC_HOME or %ESEC_HOME%. Assemble this information for possible future

knowledge transfer.

5 Check the health of the system.

Can you log into the Sentinel Control Center?



Are events being generated and inserted into the database?



Can events be seen on the Sentinel Control Center?



Can events be retrieved from the database using quick query?



Check the RAM usage, disk space, process activity, CPU usage and network connectivity



of the hosts involved.

Verify all expected Sentinel processes are running. Microsoft Task Manager can be used



in a Windows environment. In UNIX, the command

Check for any core dumps in any of the sub-directories of ESEC_HOME. Find out which



process core dumped. (cd $ESEC_HOME, find

Check for the sqlplus net access. Check for the tablespaces.



Make sure the Sonic broker is running. Connectivity can be verified using the Sonic



management console. Check that the various connections are active from Novell

processes. Make sure that a lock file is not preventing Sonic from starting. Optionally

telnet to that server on the sonic port (that is telnet sentinel.company.com 10012)

Check whether the wrapper service is running on the server. (



Are any errors visible in the Servers View of the Sentinel Control Center? Are any errors

visible in the Event Source Management Live View in the Sentinel Control Center? What

is the OS resource consumption on the Collector Managers?

6 Is there a problem with the Database?



Using sqlplus, can you log into the database?

190 Sentinel 6.1 Reference Guide

ps –ef|grep esecadm

)

. –name core –print

ps –ef | grep wrapper

can be used.

)

Table of Contents

Chapters

Table of Contents

Need help?

Do you have a question about the SENTINEL 6.1 SP2 - REFERENCE GUIDE 02-2010 and is the answer not in the manual?

This manual is also suitable for:

Sentinel 6.1 sp2

Novell SENTINEL 6.1 SP2 - REFERENCE GUIDE 02-2010 Reference Manual page 190

Chapters

Need help?

Subscribe to Our Youtube Channel

Related Manuals for Novell SENTINEL 6.1 SP2 - REFERENCE GUIDE 02-2010

This manual is also suitable for:

Table of Contents