CMP 1.1 allows you to forward event data from the Sentinel repository to the EAS repository. To configure event forwarding from Sentinel to EAS, you need to configure some components on both the Sentinel and EAS servers.
For CMP 1.1, a new utility has been provided for creating the Sentinel Link Server in EAS. This utility is called the EAS Sentinel Link Configuration Utility.
In order for the Sentinel server to receive events, a Link Connector must be configured. The Sentinel documentation provides information about creating a Link Connector. For background information on creating a Link Connector, see the Sentinel Link Solution Guide.
IMPORTANT:The EAS Sentinel Link Configuration Utility removes the need to perform the steps in Section 2 of the Sentinel Link Solution Guide.
To configure event forwarding from Sentinel to EAS, you need to have the EAS Sentinel Link Configuration Utility (eas_link_configure). You can download the EAS Sentinel Link Configuration ZIP file (eas_link_configure.zip file) from the Novell Downloads page.
This utility creates a Sentinel Link Server in the EAS server environment. The Connector and Collector are automatically created after a restart of EAS, when events begin being sent.
The eas_link_configure utility takes the following values as arguments on the command line:
The password for dbauser
An Action, which is one of the following values:
create: Creates and establishes a new Sentinel Link Server
remove: Removes an existing Sentinel Link Server
update: Modifies an existing Sentinel Link Server name or port
list: Lists any existing Sentinel Link Servers that are configured
After running the eas_link_configure utility, you must restart the EAS server in order for the changes to take effect.
To get help with the utility, you can run this command: eas_sentinel_link help
Help will give you the following usage information: Usage: eas_link_configure.sh password { create | remove | update | list }
To configure EAS to receive events, you need to create a Sentinel Server in EAS. This section provides instructions for doing this.
To configure EAS to receive events:
Disable history in the shell in order to avoid retention in the shell history of the password specified on the command line.
Unzip eas_link_configure.zip.
Change directory to the unzipped utility.
Modify db_connnection.properties to reflect values for your EAS PostgreSQL database:
server=PostgreSQL
hostname=localhost
portnum=15432
database=SIEM
username=dbauser
Modify eas_link_configure.properties to specify the name of the Sentinel Link Server and the port it will listen on:
sentinelLinkName=Sentinel Link Server ALL:1290
sentinelLinkPort=1290
Optionally, set the ESM_UTIL_ROOT property. The value of ESM_UTIL_ROOT is set to the current directory by default. You may also set it to an explicit value.
Set the JAVA_HOME variable to point to the JDK home directory.
Run the eas_link_configure utility with a command that follows this format:
eas_link_configure dbauser_password <Action>
Examine the eas_link_configure.log file. All information and error output is written to the eas_link_configure.log file. View the log file for further details on the information or the errors.
The eas_link_configure.sh script will report if errors are found. After correcting the errors reported in the eas_link_configure.log, run the eas_link_configure utility again.
If no errors are reported for create, update, and delete actions, restart EAS in order for the changes to take effect.
To verify that the server has been successfully created:
Go to the Sentinel Link Integrator in Sentinel RD Control Center and use the
button to confirm success of the EAS Sentinel Link Server.Verify that events are arriving in EAS by generating a report.
Query the events table in the EAS database to verify events are being forwarded successfully. Here a sample SQL query that uses a time range to verify the events:
select * from EVENTS where EVT_TIME > '2011-01-13 09:00' AND EVT_TIME < '2011-01-13 10:00';
If the events are not being forward properly, check the EAS log files for errors.
If history is not disabled in your shell, then you are strongly advised to clear the history now in order to avoid retention of the PostgreSQL password in any history contents.
This section provides instructions for configuring a Sentinel server to send events to EAS. These instructions describe the approach Novell recommends for an initial setup.
NOTE:If you use a different method to configure a Sentinel server to send events to EAS, you need to be sure that all events are sent. If you do not send all events, your Identity Manager reports will not run successfully.
Detailed steps for configuring a Sentinel server to send events to another Sentinel system are provided in Section 3 of the Sentinel Link Solution Guide. If you want to refine your configuration after performing the steps below, you should refer to this document for additional information.
To configure a Sentinel server to send events to EAS:
Log in to your Sentinel server as user novell
.
Set a password for user novell
if you have not done so already. The Sentinel installer creates the user novell
without password credentials.
Download the Sentinel Link Solution (June 2010 6.1r4) from Sentinel Link Solution Downloads.
Unzip the downloaded Sentinel Link Solution package.
Start Sentinel Control Center.
Import the new Integrator for the Sentinel Link Solution:
In the Novell Sentinel Control Center, select
. The Integrator Manager window displays.Click
.Click the
(plus sign) icon in the Integrator Plugin Manager window.The Plugin Import Type window displays.
Select
, then click .The Choose Plugin Package File window displays.
Click slink_integrator.zip file and click .
to locate theClick
.Dismiss the dialogs.
From the Integrator Manager interface, configure an Integrator:
Click the
icon in the bottom left corner.Choose
from the drop downSpecify a name for your Integrator, such as Sentinel Link Integrator to EAS
.
Specify a new SL - Sentinel Link
.
Provide a description for the Integrator in the
field.Click
.Specify the IP address of the EAS Server in the
text field.Specify the port number for the Sentinel Link configured on EAS. The default is 1290.
Click
on each of the remaining dialogs.Click
.Import the Action plugin:
In the Sentinel Control Center, select
.In the Action Manager window, click
.In the Action Plugin Manager, click the
(plus sign) icon.In the Import Plugin wizard, select
, then click .Click Sentinel-Link_6.1r3.acz.zip file and click .
to locate theClick
.Click
.Create a new Action:
In Action Manager, click the
(plus-sign) icon.Specify an SLinkEAS
).
Choose
from the drop downChoose your Sentinel Link Integrator.
Click
.Dismiss the Action Manager dialog.
Create the Global Filters:
In the Sentinel Control Center, click on the
tab.In the left navigation bar, select
.Click
.Click the button under
. Perform the steps below for each of the following product names (note that some of the products have more than one name):Novell Identity Manager
Novell eDirectory and EDIRECTORY
Identity Vault
Novell Modular Authentication
Novell iManager
Click
.Specify a
.Set ProductName.
toSet =).
to the equals sign (Set
to one of the product names listed above.Click
.From the Global Filter Configuration dialog, perform these steps for each of the Filter Names you just created:
Click
.Select your newly created filter.
Check the
check box.Set SLinkEAS
, in this example).
Set
to database.Click
.