NOVELL SENTINEL 6.1 SP2 - INSTALLATION GUIDE 02-2010 Manuals
Manuals and User Guides for NOVELL SENTINEL 6.1 SP2 - INSTALLATION GUIDE 02-2010. We have 2 NOVELL SENTINEL 6.1 SP2 - INSTALLATION GUIDE 02-2010 manuals available for free PDF download: Reference Manual, Installation Manual
NOVELL SENTINEL 6.1 SP2 - INSTALLATION GUIDE 02-2010 Reference Manual (232 pages)
Brand: NOVELL | Category: Software | Size: 3 MB
Table of Contents
Table of Contents
5
Preface
13
Sentinel TM User Reference Introduction
15
2 Sentinel Event Fields
17
Event Field Labels and Tags
17
Free-Form Filters and Correlation Rules
18
Actions
19
Javascript Collectors
21
Proprietary Collectors
21
List of Fields and Representations
21
3 Sentinel Control Center User Permissions
31
General
33
General – Manage Private Filters of Other Users
33
General – Public Filters
33
General – Integration Actions
34
Active Views
34
Active Views – Active Views
34
Active Views – Menu Items
34
Itrac
35
Itrac - Process Management
35
Itrac - Template Management
35
Incidents
35
Integrators
36
Actions
36
Event Source Management
37
Analysis Tab
37
Advisor Tab
37
Administration
38
Administration – Global Filters
38
Administration – Server Views
38
Correlation
39
Solution Pack
39
Identity
39
4 Sentinel Correlation Engine Rulelg Language
41
Correlation Rulelg Language Overview
41
Event Fields
41
Event Operations
42
Filter Operation
42
Window Operation
44
Trigger Operation
45
Rule Operations
46
Gate Operation
46
Flow Operator
47
Sequence Operation
47
Operators
47
Discriminator Operator
48
Intersection Operator
48
Union Operator
48
Order of Operators
48
Differences between Correlation in 5.X and 6.X
49
5 Sentinel Data Access Service
51
Reconfiguring Database Connection Properties
51
DAS Container Files
51
DAS Logging Properties Configuration Files
52
Certificate Management for Das_Proxy
54
6 Sentinel Accounts and Password Changes
59
Native Database Authentication
59
Windows Authentication
59
Sentinel Default Users
59
Changing Password
60
Password Changes
60
Sentinel Updates after a Password Change
61
7 Sentinel Database Views for Oracle
65
Actvy_Parm_Rpt_V
65
Actvy_Ref_Parm_Val_Rpt_V
65
Views
65
Actvy_Ref_Rpt_V
66
Actvy_Rpt_V
66
Adv_Nxs_Feed_V
67
Adv_Nxs_Products_V
68
Adv_Nxs_Signatures_V
69
Adv_Nxs_Mappings_V
69
Adv_Osvdb_Details_V
70
Adv_Nxs_Kb_Patch_V
73
Adv_Nxs_Kb_Productsref_V
74
Asset_Category_Rpt_V
74
Asset_Hostname_Rpt_V
75
Asset_Ip_Rpt_V
75
Asset_Location_Rpt_V
75
Asset_Rpt_V
76
Asset_Value_Rpt_V
76
Asset_X_Entity_X_Role_Rpt_V
77
Associations_Rpt_V
77
Attachments_Rpt_V
78
Audit_Record_Rpt_V
78
Configs_Rpt_V
79
Contacts_Rpt_V
79
CORRELATED_EVENTS_RPT_V (Legacy View)
80
Correlated_Events_Rpt_V1
80
Criticality_Rpt_V
80
Cust_Hierarchy_V
81
Cust_Rpt_V
81
Entity_Type_Rpt_V
81
Env_Identity_Rpt_V
82
Esec_Content_Grp_Content_Rpt_V
82
Esec_Content_Grp_Rpt_V
83
Esec_Content_Pack_Rpt_V
83
Esec_Content_Rpt_V
83
Esec_Ctrl_Ctgry_Rpt_V
84
Esec_Ctrl_Rpt_V
84
Esec_Display_Rpt_V
85
Esec_Port_Reference_Rpt_V
86
Esec_Protocol_Reference_Rpt_V
86
Esec_Sequence_Rpt_V
87
Esec_Uuid_Uuid_Assoc_Rpt_V
87
EVENTS_ALL_RPT_V (Legacy View)
87
7.1.43 Events_All_Rpt_V1 (Legacy View)
88
EVENTS_ALL_RPT_V1 (Legacy View)
88
EVENTS_RPT_V (Legacy View)
88
EVENTS_RPT_V1 (Legacy View)
88
Events_Rpt_V2
88
Column Name
89
Event_Id
92
Severity
92
Sub_Resource
92
Events_Rpt_V3
92
Begin_Time
93
Cust_Id
93
End_Time
93
Event_Datetime
93
Event_Name
93
Event_Time
93
Repeat_Count
93
Evt_Agent_Rpt_V
96
Evt_Agent_Rpt_V3
97
Evt_Asset_Rpt_V
97
Evt_Asset_Rpt_V3
98
Evt_Dest_Evt_Name_Smry_1_Rpt_V
99
Evt_Dest_Smry_1_Rpt_V
99
Evt_Dest_Txnmy_Smry_1_Rpt_V
100
Evt_Name_Rpt_V
100
Evt_Port_Smry_1_Rpt_V
101
Evt_Prtcl_Rpt_V
101
Evt_Prtcl_Rpt_V3
102
Evt_Rsrc_Rpt_V
102
Evt_Sev_Smry_1_Rpt_V
102
Evt_Src_Collector_Rpt_V
103
Evt_Src_Grp_Rpt_V
103
Evt_Src_Mgr_Rpt_V
104
Evt_Src_Offset_Rpt_V
104
Evt_Src_Rpt_V
104
Evt_Src_Smry_1_Rpt_V
105
Evt_Src_Srvr_Rpt_V
106
Evt_Txnmy_Rpt_V
106
Evt_Usr_Rpt_V
106
Evt_Xdas_Txnmy_Rpt_V
107
External_Data_Rpt_V
107
HIST_CORRELATED_EVENTS_RPT_V (Legacy View)
108
HIST_EVENTS_RPT_V (Legacy View)
108
Images_Rpt_V
108
Incidents_Assets_Rpt_V
108
Incidents_Events_Rpt_V
109
Incidents_Rpt_V
109
Incidents_Vuln_Rpt_V
110
Logs_Rpt_V
110
L_Stat_Rpt_V
110
Mssp_Associations_V
111
Network_Identity_Rpt_V
111
Organization_Rpt_V
111
Person_Rpt_V
112
Physical_Asset_Rpt_V
112
Product_Rpt_V
113
Role_Rpt_V
113
Rpt_Labels_Rpt_V
113
Sensitivity_Rpt_V
114
Sentinel_Host_Rpt_V
114
Sentinel_Plugin_Rpt_V
114
Sentinel_Rpt_V
115
States_Rpt_V
115
Unassigned_Incidents_Rpt_V
116
Users_Rpt_V
116
Usr_Account_Rpt_V
117
Usr_Identity_Ext_Attr_Rpt_V
117
Usr_Identity_Rpt_V
118
Vendor_Rpt_V
118
Vuln_Calc_Severity_Rpt_V
119
Vuln_Code_Rpt_V
119
Vuln_Info_Rpt_V
120
Vuln_Rpt_V
120
Vuln_Rsrc_Rpt_V
121
Vuln_Rsrc_Scan_Rpt_V
122
Vuln_Scan_Rpt_V
122
Vuln_Scan_Vuln_Rpt_V
122
Vuln_Scanner_Rpt_V
123
Workflow_Def_Rpt_V
123
Deprecated Views
124
Workflow_Info_Rpt_V
124
8 Sentinel Database Views for Microsoft SQL Server
125
Views
125
Actvy_Parm_Rpt_V
125
Actvy_Ref_Parm_Val_Rpt_V
125
Actvy_Ref_Rpt_V
126
Actvy_Rpt_V
126
Adv_Nxs_Feed_V
127
Adv_Nxs_Products_V
127
Adv_Nxs_Signatures_V
128
Adv_Nxs_Mappings_V
129
Adv_Osvdb_Details_V
130
Adv_Nxs_Kb_Patch_V
132
Adv_Nxs_Kb_Productsref_V
133
Annotations_Rpt_V
133
Asset_Category_Rpt_V
134
Asset_Hostname_Rpt_V
134
Asset_Ip_Rpt_V
134
Asset_Location_Rpt_V
135
Asset_Rpt_V
135
Asset_Value_Rpt_V
136
Asset_X_Entity_X_Role_Rpt_V
136
Associations_Rpt_V
137
Attachments_Rpt_V
137
Audit_Record_Rpt_V
138
Configs_Rpt_V
138
Contacts_Rpt_V
139
CORRELATED_EVENTS_RPT_V (Legacy View)
139
Correlated_Events_Rpt_V1
139
Criticality_Rpt_V
140
Cust_Hierarchy_V
140
Cust_Rpt_V
141
Entity_Type_Rpt_V
141
Env_Identity_Rpt_V
141
Esec_Content_Grp_Content_Rpt_V
142
Esec_Content_Grp_Rpt_V
142
Esec_Content_Pack_Rpt_V
143
Esec_Content_Rpt_V
143
Esec_Ctrl_Ctgry_Rpt_V
143
Esec_Ctrl_Rpt_V
144
Esec_Display_Rpt_V
144
Esec_Port_Reference_Rpt_V
145
Esec_Protocol_Reference_Rpt_V
146
Esec_Sequence_Rpt_V
146
Esec_Uuid_Uuid_Assoc_Rpt_V
147
EVENTS_ALL_RPT_V (Legacy View)
147
EVENTS_ALL_RPT_V1 (Legacy View)
147
EVENTS_ALL_V (Legacy View)
147
EVENTS_RPT_V (Legacy View)
147
EVENTS_RPT_V1 (Legacy View)
147
Events_Rpt_V2
147
Events_Rpt_V3
152
Evt_Agent_Rpt_V
156
Evt_Agent_Rpt_V3
157
Evt_Asset_Rpt_V
157
Evt_Asset_Rpt_V3
158
Evt_Dest_Evt_Name_Smry_1_Rpt_V
159
Evt_Dest_Smry_1_Rpt_V
159
Evt_Dest_Txnmy_Smry_1_Rpt_V
160
Evt_Name_Rpt_V
161
Evt_Port_Smry_1
161
Evt_Prtcl_Rpt_V
162
Evt_Port_Smry_1_Rpt_V
162
Evt_Rsrc_Rpt_V
162
Evt_Sev_Smry_1_Rpt_V
163
Evt_Src_Collector_Rpt_V
163
Evt_Src_Grp_Rpt_V
164
Evt_Src_Mgr_Rpt_V
164
Evt_Src_Offset_Rpt_V
164
Evt_Src_Rpt_V
165
Evt_Src_Smry_1_Rpt_V
165
Evt_Txnmy_Rpt_V
166
Evt_Src_Srvr_Rpt_V
166
Evt_Usr_Rpt_V
167
Evt_Xdas_Txnmy_Rpt_V
167
External_Data_Rpt_V
168
Hist_Correlated_Events
168
Hist_Events
169
HIST_CORRELATED_EVENTS_RPT_V (Legacy View)
169
HIST_EVENTS_RPT_V (Legacy View)
172
Images_Rpt_V
172
Incidents_Assets_Rpt_V
172
Incidents_Rpt_V
173
Incidents_Events_Rpt_V
173
L_Stat_Rpt_V
174
Incidents_Vuln_Rpt_V
174
Logs_Rpt_V
175
Mssp_Associations_V
175
Network_Identity_Rpt_V
175
Organization_Rpt_V
176
Person_Rpt_V
176
Physical_Asset_Rpt_V
176
Role_Rpt_V
177
Product_Rpt_V
177
Rpt_Labels_Rpt_V
178
Sensitivity_Rpt_V
178
Sentinel_Host_Rpt_V
178
Sentinel_Plugin_Rpt_V
179
Sentinel_Rpt_V
179
States_Rpt_V
179
Unassigned_Incidents_Rpt_V
180
Users_Rpt_V
180
Usr_Account_Rpt_V
181
Usr_Identity_Ext_Attr_Rpt_V
182
Usr_Identity_Rpt_V
182
Vendor_Rpt_V
182
Vuln_Calc_Severity_Rpt_V
183
Vuln_Code_Rpt_V
183
Vuln_Info_Rpt_V
184
Vuln_Rpt_V
184
Vuln_Rsrc_Rpt_V
185
Vuln_Rsrc_Scan_Rpt_V
186
Vuln_Scan_Rpt_V
186
Vuln_Scan_Vuln_Rpt_V
186
Vuln_Scanner_Rpt_V
187
Workflow_Def_Rpt_V
187
Workflow_Info_Rpt_V
187
Deprecated Views
188
B.1 Sentinel Services
193
B.2 Introduction to Service Logon Accounts
193
B.2.1 Disadvantages of Running a Service in the Context of a User Logon
194
B.3 to Setup NT Authority\Networkservice as the Logon Account for Sentinel Service
195
Instances
195
B.3.2 Changing Logon Account
198
B.3.3 Setting the Sentinel Service to Start Successfully
199
C.1 Advisor
201
C.2 Collector Manager
202
C.3 Correlation Engine
203
C.4 Data Access Server (DAS)
204
C.5 Sentinel Communication Server
205
C.6 Sentinel Service
206
C.7 Reporting Server
206
D.1 Sentinel Database Instance
207
D.1.1 Esec
207
D.1.2 Esec_Wf
207
D.2 Sentinel Database Users
207
D.2.1 Summary
208
D.2.2 Esecadm
208
D.2.3 Esecapp
208
D.2.4 Esecdba
209
D.2.5 Esecrpt
209
D.3 Sentinel Database Roles
209
D.3.1 Summary
209
D.3.2 Esec_App
209
D.3.3 Esec_Etl
218
D.3.4 Esec_User
224
D.4 Sentinel Server Roles
228
D.5 Windows Domain Authentication DB Users and Permissions
228
E Sentinel Log Locations
229
E.1 Sentinel Data Manager
229
E.2 Itrac
229
E.3 Advisor
230
E.4 Event Insertion
230
E.5 Database Queries
230
E.6 Active Views
230
E.7 Aggregation
231
E.8 Wrapper
231
E.9 Collector Manager
231
E.10 Correlation Engine
231
E.11 Sentinel Control Center
232
E.12 das Proxy
232
E.13 Solution Designer
232
E.14 Multiple Instances
232
NOVELL SENTINEL 6.1 SP2 - INSTALLATION GUIDE 02-2010 Installation Manual (176 pages)
Brand: NOVELL | Category: Software | Size: 3 MB
Table of Contents
Table of Contents
5
Preface
9
Introduction
11
Sentinel Overview
11
Sentinel User Interfaces
12
Sentinel Control Center
12
Sentinel Data Manager
13
Sentinel Solution Designer
13
Sentinel Collector Builder
13
Sentinel Server Components
13
Sentinel Server
13
Sentinel Communication Server
14
Sentinel Database
14
Sentinel Collector Manager
14
Correlation Engine
14
Itrac
14
Crystal Reports Server
14
Sentinel Advisor and Exploit Detection
14
Sentinel Plugins
15
Collectors
15
Connectors and Integrators
15
Correlation Rules and Actions
15
Reports
16
Itrac Workflows
16
Solution Packs
16
Language Support
16
System Requirements
17
Supported Software
17
Patch Levels
17
Database Supported Platforms
18
Sentinel Component Supported Platforms
19
Platform Support Exceptions and Cautions
20
Hardware Recommendations
21
Architecture Considerations
21
Supported Hardware
23
Proof of Concept Configuration
23
Production Configuration
24
High-Performance Production Configuration
25
Virtual Environments
26
Installing Sentinel 6.1 SP2
27
Installer Overview
27
Sentinel Configurations
28
Linux
28
Solaris
29
Windows
29
High-Performance Configuration
29
Port Numbers Used for Sentinel 6.1
31
General Installation Prerequisites
31
Providing Power User Privileges to Domain Users
33
Sentinel Database Installation Prerequisites
33
Authentication Mode Settings on Microsoft SQL
36
Sentinel Server Installation Prerequisites
37
Database Installation
37
Setting Kernel Values
37
Creating Group and User Accounts for Oracle (Solaris Only)
39
Setting Environment Variables for Oracle (Solaris Only)
39
Installing Oracle
40
Simple Installation
40
Custom Installation
42
Starting the Installation
43
Configuring the Database on Windows
48
Configuring the Database on Linux or Solaris
49
Completing the Installation
51
Console Installation on Linux or Solaris
52
Installing Sentinel as a Domain User
54
Post-Installation Configuration
54
Configuring the SMTP Integrator to Send Sentinel Notifications
55
Sentinel Database
55
Collector Service
56
Starting the Collector Manager Service
56
Configuring the Light Weight Collector Manager
56
Managing Time
59
Modifying Oracle Dbstart and Dbshut Scripts
59
High-Performance Configuration
60
LDAP Authentication
62
Configuring the Sentinel 6.1 Server for LDAP Authentication
62
Configuring Multiple LDAP Servers for Failover
66
Migrating LDAP User Accounts from Sentinel 6.1 SP1 Hotfix 2 to Sentinel 6.1 SP2
68
Updating the License Key
69
Unix
69
Windows
69
Testing the Installation
71
Clean up from Testing
79
Getting Started
80
Adding Sentinel Components
81
Adding Sentinel Components to an Existing Installation
81
Installing Additional Load Balancing Nodes
81
Multiple Das_Binary Processes
82
Communication Layer (Iscale)
91
SSL Proxy and Direct Communication
92
Sentinel Control Center
92
Collector Manager
93
Changing the Communication Encryption Key
94
Increasing AES Key Strength
95
Crystal Reports for Windows
97
Overview
97
System Requirements
98
Configuration Requirements
98
Installation Overview
99
Installation Overview of Crystal Reports Server with SQL Server 2005
100
Installation Overview of Crystal Reports Server with Oracle
101
Installation
101
Installing Microsoft Internet Information Server (IIS) and ASP.NET
102
Installing Crystal Reports Server for Microsoft SQL Server 2005 with Windows Authentication
102
Installing Crystal Reports Server for Microsoft SQL Server 2005 with SQL Authentication
106
Installing Crystal Reports Server for Oracle
109
Downloading the Service Packs for Crystal Reports
112
Configuring Crystal Reports Server to Work with the Sentinel Control Center
112
Configuring Inetmgr
112
Patching Crystal Reports
113
Publishing Crystal Report Templates
115
Using the Solution Manager to Publish Report Templates
116
Using the Crystal Publishing Wizard to Publish Report Templates
116
Using the Central Management Console to Publish Report Templates
118
Setting a Named User Account
119
Configuring Report Permissions and Testing Connectivity
119
Disabling the Sentinel Top 10 Reports
120
Configuring the Sentinel Control Center to Integrate with Crystal Reports Server
121
High-Performance Configurations for Crystal
122
Increasing the Report Refresh Record Limit for Crystal Reports Server
122
Using the Aggregation Service for Reports
123
Report Development
124
Using Crystal Reports
124
Uninstalling Crystal Reports
124
Chapter 7, "Crystal Reports for Windows," on
125
Crystal Reports for Linux
125
Installation
126
Pre-Install Crystal Reports Server
127
Tm XI R2
127
Installing Crystal Reports Server XIR2
129
Patching Crystal Reports
130
Overview
126
Downloading the Service Packs for Crystal Reports
131
Publishing Crystal Reports Templates
131
Publishing Report Templates Using Solution Manager
132
Publishing Report Templates - Crystal Publishing Wizard
133
Publishing Report Templates - Central Management Console
135
Using the Crystal XI R2 Web Server
136
Testing Connectivity to the Web Server
136
Setting a "Named User" Account
136
Configuring Reports Permissions
137
Increasing Crystal Reports Server Report Refresh Record Limit
137
Configuring Sentinel Control Center to Integrate with Crystal Reports Server
138
Utilities and Troubleshooting
139
Starting Mysql
139
Starting Tomcat
139
Starting Crystal Reports Servers
139
Crystal Host Name Error
139
Cannot Connect to CMS
139
High-Performance Configurations for Crystal
140
Reports Using Aggregation Service
141
Using Crystal Reports
142
Report Development
142
Chapter 9, "Uninstalling Sentinel," on
143
Uninstall for Windows
144
Post-Uninstall
144
Sentinel Settings
145
B.1 Installing Oracle 11G
153
B.1.1 Oracle 11G Installation on SLES 11
153
B.1.2 Oracle 11G Installation on SLES 10
155
B.1.3 Oracle 11G Installation on Red Hat Linux 4
156
B.1.4 Oracle 11G Installation on Solaris 10
158
B.2 Upgrading the Database from Oracle 10G to Oracle 11G
160
B.3 Installing Oracle 10G
161
B.3.1 Oracle 10G Installation on SLES 10
161
B.3.2 Oracle 10G Installation on Red Hat Linux 4
162
B.3.3 Oracle 10G Installation on Solaris 10
164
B.4 Manual Oracle Instance Creation (Optional)
164
C.1 Configuring the Oracle RAC Database
167
C.1.1 Creating the RAC Database
167
C.1.2 Creating the Sentinel Tablespaces
170
C.1.3 Creating the Sentinel Database User
171
C.2 Installing the Sentinel Database
171
C.3 Configuring the Connection Properties File
173
C.4 Configuring the Connection for Sentinel Data Manager
174
C.4.1 Known Issue
174
C.5 Configuring the Connection for Crystal Enterprise Server
174
Uninstalling Sentinel
143
Uninstall for Solaris and Linux
143
Chapter 8, "Crystal Reports for Linux," on
175
Related Products
NOVELL ZENWORKS LINUX MANAGEMENT 7.3 IR2 - ADMINISTRATION GUIDE 02-12-2010
NOVELL ACCESS MANAGER 3.1 SP1 - SSL VPN SERVER GUIDE 03-17-2010
NOVELL APPARMOR 2.0.1 - ADMINISTRATION GUIDE 05-2008
NOVELL IFOLDER 3.X - SECURITY ADMINISTRATOR GUIDE 08-15-2006
NOVELL LINUX ENTERPRISE DESKTOP 10 SP1 - START UP GUIDE 03-15-2007
NOVELL LINUX ENTERPRISE SERVER 10 - START-UP GUIDE 06-12-2006
NOVELL LINUX ENTERPRISE SERVER 10 SP2 - STORAGE ADMINISTRATION GUIDE 05-15-2009
NOVELL PRIVILEGED USER MANAGER 2.2.1 - ADMINISTRATION GUIDE 03-31-2010
NOVELL SERVER CONSOLIDATION MIGRATION TOOLKIT 1.2 - ADMINISTRATION GUIDE 09-2007
NOVELL ZENWORKS APPLICATION VIRTUALIZATION 8.0 - INTEGRATION AND STREAMING GUIDE 05-07-2010