4 Understand the environment and systems involved.
What platforms and product versions are involved?
Are there any non-standard or custom components involved?
Is it a high event rate environment?
What is the rate of events being collected?
What is the event rate of insertion into the database?
How many concurrent users are there?
Is correlation used? How many rules are deployed?
Collect configuration files, log files and system information from appropriate subdirectories in <Install_Directory>. Assemble this information for possible future knowledge transfer.
5 Check the health of the system.
Can you log into the Sentinel Control Center?
Are events being generated and inserted into the database?
Can events be seen on the Sentinel Control Center?
Can events be retrieved from the database using quick query?
Check the RAM usage, disk space, process activity, CPU usage and network connectivity of the hosts involved.
Verify all expected Sentinel processes are running. The following command can be used:
ps -ef | grep novell
Check for any core dumps in any of the sub-directories of <Install_Directory>. Find out which process core dumped.
cd <Install_Directory>
find . -name core -print
Make sure the ActiveMQ broker is running. Connectivity can be verified using the ActiveMQ management console. Check that the various connections are active from Novell processes. Make sure that a lock file is not preventing ActiveMQ from starting. Optionally telnet to that server on the port, for example telnet sentinel.company.com 61616.
Check whether the wrapper service is running on the server (ps -ef | grep wrapper).
Are any errors visible in the Servers View of the Sentinel Control Center? Are any errors visible in the Event Source Management Live View in the Sentinel Control Center? What is the OS resource consumption on the Collector Managers?
6 Is there a problem with the Database?
Using Pgadmin*, can you log into the database?
Does the database allow a Pgadmin login using the Novell dbauser account into the SIEM schema?
Does querying on one of the tables succeed?
Does a select statement on a database table succeed?
Check the JDBC drivers, their locations and class path settings.
Is the database being maintained by an administrator? By anyone?
Has the database been modified by that administrator?
122 Sentinel 6.1 Rapid Deployment Reference Guide