14.1 Managing the Sentinel Log Manager Services
The command line utilities included with Novell Sentinel Log Manager are useful for managing and configuring many lower level functions of the system.
Table 14-1 Useful commands
Services                                                          Command
Starting Sentinel Log Manager Service                             /opt/novell/sentinel_log_mgr/bin/./server.sh start
Stopping Sentinel Log Manager Service                             /opt/novell/sentinel_log_mgr/bin/./server.sh stop
Verifying the status of Sentinel Log Manager Service              /opt/novell/sentinel_log_mgr/bin/./server.sh status
Verifying the version of Sentinel Log Manager                     /opt/novell/sentinel_log_mgr/bin/./server.sh version
Restarting the Sentinel Log Manager                               /opt/novell/sentinel_log_mgr/bin/./server.sh restart
Starting the database                                             /opt/novell/sentinel_log_mgr/bin/./server.sh start db
Stopping the database                                             /opt/novell/sentinel_log_mgr/bin/./server.sh stopdb
Restart the Sentinel Log Manager service if it is running         /opt/novell/sentinel_log_mgr/bin/./server.sh try-restart
Forces the Sentinel Log Manager service to reload configuration.  /opt/novell/sentinel_log_mgr/bin/./server.sh force-reload
14.2 Running the Report Development Utility
You can use the /opt/novell/sentinel_log_mgr/bin/report_dev_setup.sh utility to set up the report development environment. This utility does the following:
Opens the PostgreSQL database port so that other servers can connect to the Sentinel Log Manager database.
Updates the firewall to allow connection on the database port.
Modifies the database configuration files (postgresql.conf and pg_hba) so that other applications can connect to the Sentinel Log Manager database. The database configuration files are located at $ESEC_DATA_HOME/3rdparty/postgresql/data.
Changes the rptuser password, if required, and saves it in an encoded format in the obj-component.JasperReportingComponent.properties file. This password can be changed in the database as well.
Collects the required Sentinel Log Manager jar files, xml and keystore file for report development and creates a tar file, sentineljarsforireport.tar, in the /opt/novell/sentinel_log_mgr/bin directory.
To run this utility:
1 Specify the following command:
./report_dev_setup.sh
A warning message is displayed indicating that the Sentinel Log Manager server gets restarted after the script is executed.
2 To continue running the script, press 1.
3 Specify the root password when prompted.
The script opens the database port, updates the firewall configuration files, and modifies the configuration files and database files.
4 When prompted to change the rptuser password, do one of the following:
4a Specify a password for rptuser and reconfirm it when prompted.
4b Continue without changing the password.
NOTE: The rptuser password is randomly generated during the installation of Sentinel Log Manager. It is a recommended practice to change it here.
The Sentinel Log Manager Server restarts.
If you require any information or help on the usage of commands, specify the following command:
./report_dev_setup.sh -h
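Because the utility opens the database to other hosts, it is worth reviewing what the modified postgresql.conf and pg_hba files now allow. The following is an added example, not part of the Novell documentation or of report_dev_setup.sh: it lists the pg_hba host rules that are reachable from non-loopback addresses, tags rules that accept any source address or use the trust method, and reports the effective listen_addresses value. The sample rules and the sampledb database name are constructed; on a server, pass the paths of the files under $ESEC_DATA_HOME/3rdparty/postgresql/data instead.

```shell
#!/bin/sh
# Added example: list the remote access a PostgreSQL configuration allows.
# pg_hba.conf record layout: TYPE DATABASE USER ADDRESS METHOD

audit_pg_hba() {    # $1 = pg_hba.conf path (default: stdin)
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # comments and blank lines
        $1 !~ /^host/ { next }              # "local" records are Unix sockets
        {
            addr = $4; method = $5
            # ADDRESS is one field (CIDR or keyword) or two fields (IP NETMASK)
            if ($4 !~ /\// && $5 ~ /^[0-9.]+$|:/) { addr = $4 "/" $5; method = $6 }
            if (addr ~ /^(127\.|::1\/)/ || addr == "localhost") next
            if (method == "reject") next
            tag = "REMOTE"
            if (addr ~ /^(0\.0\.0\.0|::)\/0/ || addr == "all") tag = "ANY-SOURCE"
            if (method == "trust") tag = tag "+NO-AUTH"
            printf "%s line %d: db=%s user=%s addr=%s method=%s\n",
                tag, NR, $2, $3, addr, method
        }' "${1:--}"
}

listen_scope() {    # $1 = postgresql.conf path (default: stdin)
    # The last uncommented setting wins; when unset, only localhost is used.
    v=$(cat "${1:--}" |
        sed -n "s/^[[:space:]]*listen_addresses[[:space:]]*=[[:space:]]*'\([^']*\)'.*/\1/p" |
        tail -n 1)
    printf '%s\n' "${v:-localhost}"
}

sample_pg_hba() {   # constructed sample rules, not taken from a real server
    cat <<'EOF'
# TYPE  DATABASE  USER     ADDRESS                      METHOD
local   all       all                                   peer
host    all       all      127.0.0.1/32                 md5
host    all       all      ::1/128                      md5
host    sampledb  rptuser  192.0.2.25/32                md5
host    all       all      0.0.0.0/0                    md5
host    sampledb  rptuser  198.51.100.0 255.255.255.0   trust
EOF
}

sample_pg_hba | audit_pg_hba
printf "listen_addresses = '*'\n" | listen_scope
```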
14.3 Getting the .jar Version Information
The following procedure describes how to gather the version information of Sentinel Log Manager jar files for troubleshooting purposes:
3 At the command line, specify ./versionreader.sh <path/jar file name>.
Running the script without any arguments gives the version of the installed Sentinel Log Manager server. For more information on the arguments that can be used, specify the --help command.
14.4 Reconfiguring Database Connection Properties
The primary settings in the configuration files that can be configured using the dbconfig utility are related to the database connection, including:
username
password
hostname
port number
database (database name)
server (PostgreSQL)
WARNING: Do not manually edit the database connection properties. Use the dbconfig utility to change any database connection values within the files.
To Reconfigure Database Connection Properties
1 Log in to the Novell Sentinel Log Manager server as the novell user on UNIX.
2 Go to the /opt/novell/sentinel_log_mgr/bin directory.
3 Enter the following command:
dbconfig -a /etc/opt/novell/sentinel_log_mgr/config [-u username] [-p password] [-h hostname] [-t portnum] [-d database] [-s server] [-help] [-version]
For example,
dbconfig -a /etc/opt/novell/sentinel_log_mgr/config [-u username] [-p password] [-h hostname] [-t portnum] [-d database] [-s server] [-help] [-version]
Changing these settings might affect database performance and should be done with caution.
14.5 Sentinel Scripts
The /opt/novell/sentinel_log_mgr/bin directory contains some or all of the scripts mentioned below. The operational scripts are appropriate for use during normal operations of Sentinel Log Manager.
For most scripts that require arguments, running the scripts without arguments provides details about the arguments and usage of the script.
Table 14-2 Operational Scripts
Script File            Description
dbconfig               You can use this to configure the database connection settings. For more information, see “Reconfiguring Database Connection Properties” on page 179.
config_firewall.sh     For more information, see “Listening on Ports Below 1024” on page 59.
softwarekey.sh         You can use this to add and view the license key through the command line. For more information, see Chapter 13, “License Information,” on page 171.
report_dev_setup.sh    You can use this utility to set up the report development environment. For more information, see Section 14.2, “Running the Report Development Utility,” on page 178.
backup_util.sh         You can use this script to back up and restore Sentinel Log Manager event data and configuration data. For more information, see Appendix C, “Backing Up and Restoring Data,” on page 193.
updateServerLocale.sh  This utility provides an option to change the language of the Sentinel Log Manager server process. The Sentinel Log Manager server messages displayed in the user interface appear in the language you select. If the appliance language is changed through WebYast, you can use this script to change the language of the Sentinel Log Manager process in the server.
A Search Query Syntax
Sentinel Log Manager uses the Lucene query language for searching events. This section provides an overview of how to use the Lucene query language to perform searches in Sentinel Log Manager. For more advanced features, see Apache Lucene - Query Parser Syntax (http://lucene.apache.org/java/3_2_0/queryparsersyntax.html).
For information on the event fields in Sentinel Log Manager, click search tips on the top right corner in the Sentinel Log Manager Web interface. A table is displayed that lists the event names and their IDs.
Section A.1, “Basic Search Query”
Section A.2, “Wildcards in Search Queries”
Section A.3, “The notnull Query”
Section A.4, “Tags in Search Queries”
Section A.5, “Range Queries”
Section A.6, “IP Addresses Query”
A.1 Basic Search Query
A basic query is a search for a value on a field. The syntax is as follows:
msg:<value>
The field name (msg) is separated from the value by a colon.
For example, to search for a phrase that includes the word “authentication,” you can specify the search query as follows:
msg:authentication
Or, to search for events of severity 5, you can specify the search query as follows:
sev:5
If the value has spaces or other delimiters in it, you should use quotation marks. For example:
msg:"value with spaces"
Sentinel Log Manager classifies event fields as either tokenized fields or non-tokenized fields. A tokenized field is indexed and is searched differently than a non-tokenized field.