Novell SENTINEL LOG MANAGER RELEASE NOTES

Novell Sentinel Log Manager 1.0.0.4 Release Notes
Novell®
February 08, 2010
Novell® SentinelTM Log Manager collects data from a wide variety of devices and applications, including intrusion detection systems, firewalls, operating systems, routers, Web servers, databases, switches, mainframes, and antivirus event sources. Novell Sentinel Log Manager provides high event-rate processing, long-term data retention, regional data aggregation, and simple searching and reporting functionality for a broad range of applications and devices.
Section 1, “What's New in Novell Sentinel Log Manager,” on page 1
Section 2, “System Requirements,” on page 5
Section 3, “Prerequisite,” on page 5
novdocx (en) 22 June 2009
Section 4, “Installation,” on page 5
Section 5, “Issues Fixed,” on page 7
Section 6, “Known Issues,” on page 14
Section 7, “Documentation Conventions,” on page 18
Section 8, “Legal Notices,” on page 18
1 What's New in Novell Sentinel Log Manager
The following sections list the new and enhanced features of Novell Sentinel Log Manager.
Section 1.1, “What’s New in Novell Sentinel Log Manager 1.0.0.4,” on page 1
Section 1.2, “Novell Sentinel Log Manager 1.0 Features,” on page 3
Section 1.3, “New Plug-Ins,” on page 5
1.1 What’s New in Novell Sentinel Log Manager 1.0.0.4
“New Data Collection User Interface” on page 1
“LDAP Authentication” on page 2
“Enhancements to the Search Result User Interface” on page 2
“New User Interface for Actions” on page 2
“Enhancement to the Admin User Interface” on page 2
1.1.1 New Data Collection User Interface
The new and enhanced data collection user interface enables you to perform several new tasks:
Refine all the event sources by using the new Event Sources screen.
Novell Sentinel Log Manager 1.0.0.4 Release Notes 1
Start and stop the audit and syslog event source server by using the new Event Source Servers tab.
Set the time zone for event sources.
Search for events that are coming from one or many event sources.
For more information about data collection configuration, see “Configuring Data Collection” in the Novell Sentinel Log Manager 1.0.0.4 Administration Guide.
1.1.2 LDAP Authentication
Sentinel Log Manager now supports LDAP authentication in addition to the database authentication.
A new Authentication Type option has been added in the user > Add a user window of the Sentinel Log Manager, which enables you to create user accounts that use LDAP authentication.
For more information about configuring the Sentinel Log Manager server for LDAP authentication, see “User Administration” in the Novell Sentinel Log Manager 1.0.0.4 Administration Guide.
1.1.3 Enhancements to the Search Result User Interface
The enhanced search result interface enables you to perform several new tasks:
Export search report results.
Send search results to an action.
Download the raw data files for the selected event result's event source by using the get raw data link.
View new event fields information in the search results.
For example, it displays the Source IP address, Rawdata Record ID, Collector Script, Collector name, Collector Manager ID, Connector ID, and Event Source ID information for the incoming events.
View all the event fields information for the event source by using the show all fields link.
For more information about searching events and generating reports, see “Searching” in the Novell Sentinel Log Manager 1.0.0.4 Administration Guide.
1.1.4 New User Interface for Actions
The new user interface for actions allows you to create multiple action instances that you can also use while configuring rules. You can also view the number of rules that are associated with an action.
For more information about configuring rules and actions, see “Configuring Rules” in the Novell Sentinel Log Manager 1.0.0.4 Administration Guide.
1.1.5 Enhancement to the Admin User Interface
The new admin user interface enables you to assign new permissions for a user:
You can now allow users to view all reports that are stored on the server.
You can now enable Sentinel Log Manager configuration reporting.
You can now set a filter for the events a user can view.
For more information about configuring users, see “User Administration” in the Novell Sentinel Log Manager 1.0.0.4 Administration Guide.
1.2 Novell Sentinel Log Manager 1.0 Features
“Installation and Deployment” on page 3
“Data Collection” on page 3
“Data Storage and Management” on page 4
“Reporting and Searching” on page 4
“Architecture Options” on page 5
1.2.1 Installation and Deployment
Novell Sentinel Log Manager is easy to install and deploy for data collection, storage, reporting, and searching of log data. Installation of Novell Sentinel Log Manager includes installation of the Sentinel Log Manager server, Web server, reporting server, and configuration database.
1.2.2 Data Collection
Novell Sentinel Log Manager can collect and manage data from event sources that generate logs to syslog, Windows event log, files, databases, SNMP, Novell Audit, SDEE, Check Point OPSEC, and other storage mechanisms and protocols.
Novell Sentinel Log Manager contains enhanced web-based user interface support for Syslog and Novell Audit connectivity to make it even easier to start collecting logs from event sources. You can direct all the logs to Sentinel Log Manager.
Messages from recognized data sources are parsed into fields such as target IP address and source username. Messages from unrecognized data sources are placed intact into a single field for storage, search, and reporting. All data can be filtered to drop unwanted events.
For a complete list of supported event sources, see “Supported Event Sources” (http://www.novell.com/documentation/novelllogmanager10/novell_log_manager/data/bhmwq0w.html) in the Novell Sentinel Log Manager Guide.
Novell Sentinel Log Manager collects data using a wide variety of connection methods:
Syslog Connector automatically accepts and configures syslog data sources that send data over the standard User Datagram Protocol (UDP), the reliable Transmission Control Protocol (TCP), or the secure Transport Layer Security (TLS) protocol.
Audit Connector automatically accepts and configures audit-enabled Novell data sources.
File Connector reads log files.
SNMP Connector receives SNMP traps.
JDBC* Connector reads from database tables.
WMS Connector accesses Windows* event logs on desktops and servers.
SDEE Connector for Cisco* devices.
LEA Connector for Check Point* devices.
Sentinel Link Connector accepts data from other Novell Sentinel Log Manager servers.
Process Connector accepts data from custom-written processes that output event logs.
You can also purchase an additional license to download connectors for SAP* and mainframe operating systems.
To get the license, either call 1-800-529-3400 or contact Novell Technical Support (http://support.novell.com).
For more information about configuring the connectors, see the connector documents at the Sentinel Content Web site (http://support.novell.com/products/sentinel/sentinel61.html).
For more information about data collection configuration, see “Configuring Data Collection” (http://www.novell.com/documentation/novelllogmanager10/novell_log_manager/data/bjxe7z1.html) in the Novell Sentinel Log Manager Guide.
1.2.3 Data Storage and Management
Novell Sentinel Log Manager stores all of the log data in a compressed file format. Data can be archived locally or on a remotely-mounted CIFS or NFS share. You can set up data retention policies to configure the system to keep some data for longer time periods and other data for shorter time periods.
For more information about system requirements, see “System Requirements” (http://www.novell.com/documentation/novelllogmanager10/novell_log_manager/data/bjx8zq7.html) in the Novell Sentinel Log Manager Guide.
For more information about data storage configuration, see “Configuring Data Storage” (http://www.novell.com/documentation/novelllogmanager10/novell_log_manager/data/bjxe7z1.html) in the Novell Sentinel Log Manager Guide.
1.2.4 Reporting and Searching
Novell Sentinel Log Manager can perform full text searches of all the stored event data or perform focused searches against particular event fields, such as source username. Such searches can be further refined, saved for future review, filtered, and formatted by applying a report template to the results.
Sentinel Log Manager has pre-installed reports and also allows you to upload additional reports. Reports can be run on a planned schedule or on demand for an unplanned requirement.
For more information about the list of default reports, see “Sentinel Log Manager Reports” (http://www.novell.com/documentation/novelllogmanager10/novell_log_manager/data/bl5jfoz.html) in the Novell Sentinel Log Manager Guide.
Searches and reports can run against both online and archived data.
For more information about searching events and generating reports, see “Searching” (http://www.novell.com/documentation/novelllogmanager10/novell_log_manager/data/bk76y16.html) and “Reporting” (http://www.novell.com/documentation/novelllogmanager10/novell_log_manager/data/bjxdi87.html) respectively in the Novell Sentinel Log Manager Guide.
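The collection and search behaviour described in Sections 1.2.2 and 1.2.4 (recognized sources parsed into fields, unrecognized sources kept intact in a single field, unwanted events dropped by a filter, then full-text or field-focused search), as an added example that is not Sentinel's own code. The sample syslog lines are constructed; field names SourceIP, RawdataRecordID and CollectorName are from these notes, while TargetHostName, Outcome, RawData and Message are assumed names.

```python
import re

# Constructed sample syslog lines (not from the page): two from a recognized
# source format (OpenSSH-style auth messages) and one from an unknown app.
SAMPLE_MESSAGES = [
    "Feb  8 10:21:43 host1 sshd[2231]: Failed password for admin from 10.1.2.3 port 5120 ssh2",
    "Feb  8 10:21:50 host1 sshd[2240]: Accepted password for alice from 10.1.2.9 port 5130 ssh2",
    "Feb  8 10:22:01 appbox custom-app: batch job 17 completed in 4.2s",
]

# One "recognized source" pattern; a real Collector carries many of these.
SSHD_AUTH = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) password for (?P<user>\S+) from (?P<ip>[\d.]+)"
)

def parse_event(raw, record_id):
    """Parse a recognized message into fields; keep an unrecognized one whole."""
    event = {"RawdataRecordID": record_id, "CollectorName": "Syslog", "RawData": raw}
    m = SSHD_AUTH.match(raw)
    if m:
        event.update(TargetHostName=m.group("host"), SourceUserName=m.group("user"),
                     SourceIP=m.group("ip"), Outcome=m.group("outcome"))
    else:
        # Unrecognized source: the whole message lands intact in a single field.
        event["Message"] = raw
    return event

def collect(messages, drop=lambda event: False):
    """Parse every message, then apply a drop filter to discard unwanted events."""
    events = [parse_event(raw, i + 1) for i, raw in enumerate(messages)]
    return [e for e in events if not drop(e)]

def search(events, text=None, **fields):
    """Full-text search over every field value, or a focused search on named fields."""
    hits = []
    for e in events:
        if text is not None and not any(text in str(v) for v in e.values()):
            continue
        if any(e.get(name) != value for name, value in fields.items()):
            continue
        hits.append(e)
    return hits
```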
1.2.5 Architecture Options
Collector Managers for Sentinel Log Manager manage all of the data collection processes and data parsing. A Collector Manager is included in the Sentinel Log Manager server installation, but you can also install multiple Collector Managers throughout your enterprise. Remote Collector Managers provide several benefits:
Distributed event parsing and processing to improve system performance.
Co-location with event sources, which allows filtering, encryption, and data compression at the source. This can provide additional data security and decrease network bandwidth requirements.
Installation on additional operating systems (for example, installation on Microsoft* Windows* to enable data collection using the WMI protocol).
File caching, which enables the remote Collector Manager to cache large amounts of data while the server is temporarily busy performing archiving or processing a spike in events. This is an advantage for protocols, such as syslog, that do not natively support event caching.
Sentinel Link can be used to forward event data from one Sentinel Log Manager to another. With a hierarchical set of Sentinel Log Managers, complete logs can be retained at multiple regional locations while more important events are forwarded to a single Sentinel Log Manager for centralized search and reporting.
In addition, Sentinel Link can forward important events to Novell Sentinel, a full Security Information Event Management (SIEM) system, for advanced correlation, incident remediation, and injection of high-value contextual information such as server criticality or identity information from an identity management system.
1.3 New Plug-Ins
A new Generic Forwarder Action 6.1r2 plug-in has been added to send search results to an action instance.
2 System Requirements
For detailed information about hardware requirements and supported operating systems, browsers, and event sources, see “System Requirements” (http://www.novell.com/documentation/novelllogmanager10/novell_log_manager/data/bjx8zq7.html) in the Novell Sentinel Log Manager Guide.
3 Prerequisite
The Sentinel Log Manager Hot fix 4 (1.0.0.4) should be installed on top of an existing Sentinel Log Manager 1.0.0.0, 1.0.0.1, 1.0.0.2, or 1.0.0.3 installation.
4 Installation
IMPORTANT: The Sentinel Log Manager Hot fix 4 (1.0.0.4) must be installed on the Sentinel Log Manager server and all the Collector Managers running on remote machines. This hotfix does not update the Collector Manager installer script that you can download from the Sentinel Log Manager web server. Hence, regardless of whether you have installed a Collector Manager before or after applying the hotfix on the Sentinel Log Manager server, it is mandatory to apply this hotfix to all the Collector Managers.
Section 4.1, “On a Sentinel Log Manager Server,” on page 6
Section 4.2, “On a Remote Collector Manager,” on page 6
4.1 On a Sentinel Log Manager Server
To perform a quick and simple installation of Novell Sentinel Log Manager 1.0.0.4 on a Sentinel Log Manager server:
1 Log in to the Sentinel Log Manager as the novell user.
The novell user is created during the Sentinel Log Manager installation process and does not have a password by default. Therefore, you can create a password in order to log in as this user, or you can su - to this user.
2 Download or copy the installer SENTINEL_LOG_MANAGER_1.0.0.4.zip to a temporary directory.
3 Change to the temporary directory.
4 Unzip the install package by using the following command:
unzip SENTINEL_LOG_MANAGER_1.0.0.4.zip
5 Change to the unzipped directory.
cd SENTINEL_LOG_MANAGER_1.0.0.4
6 (Optional) Stop the Sentinel Log Manager services by using the following command:
Installation_Directory/bin/server.sh stop
7 Run the hotfix installer and follow the prompts.
./service_pack.sh
4.2 On a Remote Collector Manager
“Installing on Unix” on page 6
“Installing on Windows” on page 7
4.2.1 Installing on Unix
1 Log in to the Sentinel Log Manager as the root user.
2 Download or copy the installer SENTINEL_LOG_MANAGER_1.0.0.4.zip to a temporary directory.
3 Change to the temporary directory.
4 Unzip the install package by using the following command:
unzip SENTINEL_LOG_MANAGER_1.0.0.4.zip
5 Change to the unzipped directory.
cd SENTINEL_LOG_MANAGER_1.0.0.4
6 (Optional) Stop the Collector Manager by using the following command:
Installation_Directory/bin/sentinel.sh stop
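The hotfix steps of Sections 4.1 and 4.2.1 wrapped in one script that can be run on the server and on every remote Unix Collector Manager, as an added example that is not Novell's installer. It assumes the role decides the service script (server.sh or sentinel.sh) and the required account (novell or root) exactly as the steps above state; the installation directory and zip path are arguments you supply.

```shell
#!/bin/sh
# Added example, not part of the Novell hotfix package. Checks the account,
# the installer and the target installation before touching anything.
set -eu

# Service script the notes use for each role (server or Collector Manager).
service_script_for() {
    case "$1" in
        server) echo "server.sh" ;;
        cm)     echo "sentinel.sh" ;;
        *)      echo "unknown role: $1" >&2; return 1 ;;
    esac
}

# Account the notes say to log in as for each role.
required_user_for() {
    case "$1" in
        server) echo "novell" ;;
        cm)     echo "root" ;;
        *)      echo "unknown role: $1" >&2; return 1 ;;
    esac
}

# apply_hotfix ROLE ZIP INSTALL_DIR  (e.g. apply_hotfix cm /tmp/SENTINEL_LOG_MANAGER_1.0.0.4.zip /opt/novell/slm)
apply_hotfix() {
    role="$1"; zip="$2"; install_dir="$3"
    expected="$(required_user_for "$role")"
    script="$(service_script_for "$role")"
    [ "$(id -un)" = "$expected" ] || { echo "run this as the $expected user" >&2; return 1; }
    [ -f "$zip" ] || { echo "installer $zip not found" >&2; return 1; }
    [ -x "$install_dir/bin/$script" ] || { echo "no $role installation under $install_dir" >&2; return 1; }
    work="$(mktemp -d)"
    cp "$zip" "$work/"
    # Subshell keeps the caller's working directory unchanged.
    (
        cd "$work"
        unzip -q "$(basename "$zip")"
        cd SENTINEL_LOG_MANAGER_1.0.0.4
        # Optional per the notes, but stopping first avoids patching a live service.
        "$install_dir/bin/$script" stop
        ./service_pack.sh
    )
}
```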