The NetIQ (formerly Novell) Sentinel Adapter allows Correlation Rule events to be communicated from Sentinel into Operations Center.
Some additional configurations are necessary to integrate with Sentinel:
Sentinel 6: A Sentinel SMTP Integrator must be configured to send events to the Sentinel Adapter for Operations Center and is used by the Generic Action for Sentinel. If you are already using the existing Sentinel Mail (SMTP) Integrator to send mail, you might need to create a new SMTP Integrator. The Sentinel Generic Event Forwarder is configured to collect all values for a triggered Correlation Rule and forward the values to the Sentinel Adapter.
Sentinel 7: A Sentinel Event Routing Rule and a
Action must be configured in order to be able to receive correlated events from the Sentinel Server.
For more information about the Sentinel Generic Event Forwarder, see Sentinel Plug-ins.
To integrate NetIQ Sentinel:
To integrate to Novell Sentinel 6, do the following:
To configure a Sentinel SMTP Integrator, do the following:
From the , click and select .
Select the SMTP Integrator to be used for the Sentinel Adapter.
Click the Connection panel.
Specify the Host including IP address of the Managed Objects server and Port used by the Sentinel Adapter to receive events.
Test and save the configuration.
To configure the Generic Event Forwarder, do the following:
From the Sentinel Control Center, click and select .
Select Manage Plugins and click the + icon to add the action.
Select the radio button.
Click Next.
Browse to the .zip file for the Generic Event Forwarder and click .
Click .
Review the information for the action.
Click .
Close the panel.
From the panel, click the + icon to add another action.
Specify the name for the new action (for example, Forward Events to Operations Center), and select the from the drop-down list.
Select the from the Integrator drop-down list.
Select the following values for the action in the column values drop down list:
Display Format: JSON
Display Data: All Data
From Address: Specify the from address
To Address: Specify the to address.
Subject: Specify the subject line.
Display Events: All Events
Click .
Close the panel.
To integrate to NetIQ Sentinel 7, do the following:
Download the following files from the JSON-lib Download Web site, and save them to the /OperationsCenter_install_path/integrations/ext/Sentinel directory:
json-lib-2.2.2-jdk15.jar
json-lib-ext-spring-1.0.2.jar
For more information about JSON-lib, see the JSON-lib Web site.
Verify that the following JSON-lib dependencies are in your classpath:
jakarta commons-lang 2.5
jakarta commons-beanutils 1.8.0
jakarta commons-collections 3.2.1
jakarta commons-logging 1.1.1
ezmorph 1.0.4
For more information about dependencies, see the JSON-lib Web site.
Download the following files from your Sentinel Server at https://<SENTINEL SERVER IP ADDRESS>:8443/SentinelRESTServices/apidoc/DataObjectAPI.html, and save them to the /OperationsCenter_install_path/integrations/ext/Sentinel directory:
sentinel-client-base.jar
sentinel-client-base-java.jar
sentinel-client-beans.jar
sentinel-client-wfbeans.jar
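To confirm that the files listed above are in place before starting the adapter, the following shell functions check the ext/Sentinel directory and a classpath string. This is an added example, not part of the product documentation; the function names and the artifact-version.jar naming of the dependency jars are assumptions.

```shell
#!/bin/sh
# Jars the page says to save in .../integrations/ext/Sentinel
REQUIRED_JARS="json-lib-2.2.2-jdk15.jar json-lib-ext-spring-1.0.2.jar
sentinel-client-base.jar sentinel-client-base-java.jar
sentinel-client-beans.jar sentinel-client-wfbeans.jar"
# JSON-lib dependencies from the page, as artifact:version.
# Assumption: jars are named artifact-version.jar (usual Maven naming).
REQUIRED_DEPS="commons-lang:2.5 commons-beanutils:1.8.0
commons-collections:3.2.1 commons-logging:1.1.1 ezmorph:1.0.4"

# Print each required jar absent from directory $1; status 1 if any is missing.
missing_jars() {
    rc=0
    for jar in $REQUIRED_JARS; do
        [ -f "$1/$jar" ] || { echo "$jar"; rc=1; }
    done
    return $rc
}

# Print the jar file names reachable from colon-separated classpath $1.
# Only explicit .jar entries and Java "dir/*" wildcards contribute jars;
# a bare directory entry supplies loose classes only, so it is skipped.
classpath_jars() {
    echo "$1" | tr ':' '\n' | while IFS= read -r entry; do
        case "$entry" in
            *.jar) if [ -f "$entry" ]; then basename "$entry"; fi ;;
            */\*)  for f in "${entry%\*}"*.jar; do
                       if [ -f "$f" ]; then basename "$f"; fi
                   done ;;
        esac
    done
}

# Report every dependency as ok, wrong-version or missing; status 1 on a problem.
audit_deps() {
    jars=$(classpath_jars "$1")
    rc=0
    for dep in $REQUIRED_DEPS; do
        name=${dep%%:*}; want=${dep##*:}
        if echo "$jars" | grep -qFx "$name-$want.jar"; then
            echo "ok $name $want"
        elif found=$(echo "$jars" | grep -x "$name-[0-9][0-9.]*\.jar"); then
            echo "wrong-version $name want=$want found=$found"; rc=1
        else
            echo "missing $name"; rc=1
        fi
    done
    return $rc
}
```

Run `missing_jars` against the ext/Sentinel directory and `audit_deps` against the classpath string the adapter is started with; a `wrong-version` line means a different release of a dependency is on the classpath than the one listed above.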
To configure Sentinel to log to the Operations Center Sentinel Adapter via Syslog, do the following:
From the , click and select .
Under , select .
Select tab in the right panel.
Enter the IP address of the Operations Center server used by the Sentinel adapter to receive events in the field.
Select from the drop-down list.
Specify the port number in the field.
This must be the same port as specified in the property for the Sentinel 7 Adapter in Operations Center.
Click .
From the , click and select .
Select and click .
Select in the drop down list.
Then, define the following values in the list:
Integrator: Syslog
Display Format: JSON
Display Data: All Data
Display Events: All Events
Click .
Close the panel.
To configure a Sentinel Event Routing Rule, do the following:
Open the Sentinel Web console by entering the following URL in a Web browser:
https://SentinelServerAddress:PortNumber
On the toolbar, click . The Event Routing tab opens.
Click .
Specify the name of the routing rule in the field.
For example, All Correlation Events.
Enter st:C in the field.
Verify the All radio button is selected for the option.
Select Log to Syslog in the drop-down list.
Verify that the information for the TCP Syslog Server Connection and Port, configured in Step 2.d, are correct.
Click .
Verify that is selected for the Enabled setting.
Create an adapter for each instance of a Novell Sentinel on the network. To integrate to Sentinel 7, select NetIQ Sentinel 7 for the adapter type. For Sentinel 6, select Novell Sentinel for the adapter type.
For information on creating an adapter, see Section 5.1, Creating an Adapter.
For more information about Novell Sentinel adapter properties, see Section A.27, NetIQ Sentinel.