Novell SENTINEL 6.1 README

Novell Sentinel™ 6.1.1.0

March 17, 2009
These are the release notes for the Sentinel 6.1.1.0 (6.1 SP1) Release.

 Section 1, “Overview,” on page 1
 Section 2, “New Features in Sentinel 6.1,” on page 2
 Section 3, “Prerequisites,” on page 2
 Section 4, “Installation,” on page 3
 Section 5, “Sentinel Database Patch Installation,” on pa ge 4
 Section 6, “Post-Installation,” on page 7
 Section 7, “Defects Fixed in Sentinel 6.1 Release,” on page 8
 Section 8, “Known Issues in Sentinel 6.1.1.0 Release,” on page 12
 Section 9, “Documentation Conventions,” on page 12
 Section 10, “Legal Notices,” on page 13

Novell®

1 Overview

The information in this Release Note file pertains to Novell Sentinel™ 6.1.1.0, which provides a
real-time, holistic view of security and compliance activities, while helping customers monitor,
report, and respond automatically to network events across the enterprise.

This Service Pack will apply the latest software fixes and enhancements to an ex isting installation of
Sentinel 6.1, including the updates in Sentinel 6.1 Hotfix 1 (6.1.0.1). Sentinel 6.1 must already be
installed before applying this Service Pack.

The Service Pack must be installed on all existing Sentinel 6.1 installation machines, client and
server. This includes machines with Sentinel Server the Correlation Engine, Sentinel Database,
Collector Manager, Sentinel Control Center, Collector Builder, and Sentinel Data Manager.

This Service Pack is mandatory for all users who subscribe to the Advisor data service.

1.1 Prerequisites

 If Sentinel is not yet installed, it must be installed using the Sentinel 6.1.0.0 installe r. Please see

the Sentinel Installation Guide for instructions.

 If Sentinel 5.x is installed, it must be upgraded to Sentinel 6.1.0.0 using the upgrade installer.

Please see the Patch Installation Guide for instructions.

 If Sentinel 4.x is installed, Sentinel 6.1.0.0 must be installed using the Sentinel 6.1.0.0 installer.

Some data can be migrated to the Sentinel 6 .1 .0. 0 installation. Please see the Patch Installati on
Guide for instructions.

Novell Sentinel™ 6.1.1.0 1

The full product documentation and the most recent version of this file are available at the Novell

Sentinel Documentation Web site (http://www.novell.com/documentation/sentinel61).

2 New Features in Sentinel 6.1

This section explains the new features available in Sentinel 6.1.

 Section 2.1, “New Features in Sentinel 6.1.1.0,” on page 2
 Section 2.2, “New Features in Sentinel 6.1 Hotfix 1,” on page 2

2.1 New Features in Sentinel 6.1.1.0

Sentinel 6.1.1.0 is a maintenance release for Sentinel 6.1. In addition to bug fixes, it contains
enhanced Advisor feature.

2.1.1 Advisor update

The 6.1.1.0 service pack installer deletes the old Advisor data, which has erroneous Advisor
mappings, and enables you to start downloading the new Advisor data.

With the Sentinel 6.1.1.0 release, the existing Advisor download URL will be redirected to a server
containing the new Advisor data. In order to continue to receive automatic updates of the latest
Advisor data, you need to upgrade to Sentinel 6.1.1.0.

2.2 New Features in Sentinel 6.1 Hotfix 1

This section lists the features available in Sentinel 6.1 Hotfix 1 Release.

 AUDIT_RECORD Table Partitioning - The AUDIT_RECORD table is configured for

partitioning and archiving for better table management.

 Customizing Data and Time Format in Sentinel Control Center - This feature gives the ability

to customize the date/time format that is displayed in event tables in SCC. These event tables
are the ones seen in Active Views, Historical Event Query, Offline Query, etc. By default, the
date/time format will be based on the locale of the machine running SCC; however, the user
can override this default by adding a property to the SentinelPreferences.properties file found
in $ESEC_HOME/config.

3 Prerequisites

The prerequisites depend on the Sentinel system version and platform. Read each section below
carefully to determine whether the steps apply to your environment.

3.1 Back Up Sentinel System

This prerequisite applies to all Sentinel systems, regardless of version or platform.
It is highly recommended that a complete backup be made of the machines on which you are

installing the service pack, inclu ding the Sentinel d atabase. If this is no t possible, th en at a minimum
a backup of the contents of the ESEC_HO ME di recto ry shou ld b e made. This w ill help protect you r
system against unexpected installation errors.

2 Novell Sentinel™ 6.1.1.0

3.2 Back Up AUDIT_RECORD Table

This prerequisite is not necessary if you have already applied Sentinel 6.1 Hotfix 1 (6.1.0.1). It is
necessary if Hotfix 1 has not been applied yet.

Starting with Sentinel 6.1 Hotfix 1, the AUDIT_RECORD table, which contains internal audit
events for the Sentinel system, is configured for partitioning and archiving for better table
management. Because the existing table i s not partitioned o r archived, the PatchDB sc ript may fail if
the AUDIT_RECORD table is too la rge relati ve to the amount of temporary tablespace available.

There are two approaches to ensure the PatchDB script runs successfully, depending on whether it is
critical to your organization to preserve the data in the AUDIT_RECORD table.

 If the AUDIT_RECORD data is not important, truncate the AUDIT_RECORD table using the

following SQL command:
TRUNCATE TABLE AUDIT_RECORD

 If the AUDIT_RECORD data is important and needs to be preserved, add more space to the

temporary tablespace. The amount of space to be ad ded d epends on your environment; consult
your Database Administrator (DBA) for adequate settings.

4 Installation

The instructions provided in this sec ti on are for installing Sentinel 6.1.1.0 Serv ice Pack only. This
Service Pack can be run against an existing installation of Sentinel™ 6.1.

Follow the below listed instructions to install the Service Pack for software and database:

1 Login to any machine which has Sentinel installed.

 On Linux/Solaris, log in as root.
 On Windows Vista, log in as any user unless User Access Control is disabled. If User

Access Control is disabled, you must log in as an Administrator.

 On other (non-Vista) Windows systems, log in as an Administrator.

2 Verify that the environment variables for Sentinel are set by running one of the following

commands:

 On Linux/Solaris, echo $ESEC_HOME
 On Windows, echo %ESEC_HOME%

3 Extract the Service Pack zip file.
4 Close all Sentinel applications running on this machine, including:

 Sentinel Control Center
 Sentinel Collector Builder
 Sentinel Data Manager
 Solution Designer

5 Shut down the Sentinel services running on this machine:

 On Windows, use Window s Se rvice Manager to stop the “Sentinel” services.
 On Linux/Solaris, run $ESEC_HOME/bin/sentinel.sh stop

Novell Sentinel™ 6.1.1.0 3

6 Open a command prompt. For most Windows systems and Linux/Solaris, you can use any

method to open the prompt. For Windows Vista, you must open the command prompt as an
administrator using the following instructions.

6a Go to Start > All Programs > Accessories.
6b Right-click Command Prompt and select Run as administrator.
6c If User Access Control is enabled and you are logged in as a user with administrator

privileges, a User Access Control window appears to notify you that “

your permission to continue

6d Click Continue. If you are logged in as a user without administrative privileges, you will

be prompted to authenticate as an administrative user.

7 On the command line, return to the extracted Service Pack top level directory and run the

service_pack script to start the Service Pack installer:

 On Windows: .\service_pack.bat
 On Unix: ./service_pack.sh

8 Press the <ENTER> key when prompted to start the Service Pack installation procedure.
9 After the installation completes, log out and log back in to apply environmental variable

changes.

10 Repeat the above steps on every machine with Sentinel software installed. This is required for

all machines with any Sentinel software, including both Sentinel server and client software.

11 Restart the Sentinel services on all machines:

 On Windows, use Window s Se rvice Manager to start the “Sentinel” services.

”.

Windows needs

 On *NIX, run

12 This Service Pack also contains a mandatory patch for the Sentinel Database. Apply the

database patch by performing the appropriate steps in the section below for the database
platform you are using.

$ESEC_HOME/bin/sentinel.sh start

5 Sentinel Database Patch Installation

In addition to patching the Sentinel components, you must run a script to patch the database. The
instructions are different depending on which database you have.

 Section 5.1, “Sentinel Database Patch Installation on Oracle,” on page 4
 Section 5.2, “Sentinel Database Patch Installation on SQL Server,” on page 6

5.1 Sentinel Database Patch Installation on Oracle

There are several prerequisites for applying the Oracle database patch. The machine and account
from which the database patch is run must meet the following requirements:

 User has the Oracle client application sqlplus in its PATH.
 User has the environment variable ORACLE_HOME set to the directory where the Oracle

software is installed.

 User must be a member of the Oracle "dba" group.
 User has the Java 1.5 executable java in its PATH.

4 Novell Sentinel™ 6.1.1.0