6.4 Adding Report Definitions

Reports in Sentinel Log Manager are designed as plug-ins (special .zip or .rpz files that include the report definition in addition to the metadata and resources used by the report). New or updated reports can be uploaded into Sentinel Log Manager by users who are members of a role with the Manage Reports permission.

The primary sources for new or updated reports are:

New or modified reports can include additional database fields that are not presented in the Sentinel Log Manager interface. They must adhere to the file and format requirements of the report plug-ins. For more information about database fields and file and format requirements for report plug-ins, see the Sentinel SDK Web site.

This section has the following information:

6.4.1 Extracting Reports from Collector Packs

Collector Packs contain the event source setup instructions, associated scripts, utilities, and the Sentinel Log Manager reports specific to the data of the associated Collector. The Collector Pack Extractor utility allows you to extract the Collector pack contents. You can use the instructions and scripts to configure the associated event sources. The reports that are extracted from the new Collector can be uploaded to the Sentinel Log Manager. These Collector Packs are available on the Sentinel Content Web site.

To extract the reports from the Collector Packs:

  1. Copy the Collector Packs from which you want to extract the event source setup instructions, associated scripts and utilities, and Sentinel Log Manager reports to a temporary directory.

  2. Download the Collector Pack Extractor from the Sentinel Content Web site. It is available under the Utilities tab.

  3. Copy the cpextractor.jar file to the directory where you copied the Collector Packs.

  4. Execute the jar file in one of the following ways, depending on your operating system:

    • On Windows: Double-click the jar file (if the Java environment is properly configured)

    • On Linux: Run the java -jar cpextractor.jar command.

    For each Collector Pack, a new directory is created with the same base name as the Collector. The newly created directory contains the following:

    • jasperreports: A subdirectory that contains all the extracted Sentinel Log Manager reports.

    • instructions.txt: (Optional) A text file with the required instructions to configure the event source.

    This directory can also contain additional files required for the event source configuration.

  5. To proceed with event source configuration, follow the instructions provided in Section 4.4, Configuring Data Collection for Other Event Sources.

  6. For any additional steps required to configure the event source, follow the steps given in the instructions.txt file. To add a report, see Adding Report Definitions.
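
The following script is an added example, not part of the product documentation or the Collector Pack Extractor. It inventories the extractor output described above (one directory per Collector with a jasperreports subdirectory), records a SHA-256 hash for each report plug-in, and flags files that are not sound archives before they are uploaded. It assumes that the extracted reports carry one of the upload extensions (.zip, .rpz, .spz) and are ZIP-format archives; the function names are hypothetical.

```python
import hashlib
import sys
import zipfile
from pathlib import Path

# Extensions the upload dialog accepts, per the upload procedure on this page.
PLUGIN_EXTENSIONS = {".zip", ".rpz", ".spz"}


def unsafe_entries(names):
    """Return entry names that are absolute or climb out of the archive root."""
    bad = []
    for name in names:
        parts = name.replace("\\", "/").split("/")
        if name.startswith(("/", "\\")) or ".." in parts:
            bad.append(name)
    return bad


def inspect_plugin(path):
    """Hash one report plug-in and check that it is a sound ZIP archive."""
    digest = hashlib.sha256(path.read_bytes()).hexdigest()
    result = {"file": str(path), "sha256": digest, "problems": []}
    try:
        with zipfile.ZipFile(path) as archive:
            corrupt = archive.testzip()  # first member with a bad CRC, or None
            if corrupt is not None:
                result["problems"].append(f"corrupt member: {corrupt}")
            for name in unsafe_entries(archive.namelist()):
                result["problems"].append(f"unsafe entry name: {name}")
    except zipfile.BadZipFile:
        # Assumption: plug-ins are ZIP-format; anything else is reported.
        result["problems"].append("not a ZIP archive")
    return result


def inventory(extract_root):
    """Inspect every plug-in under <extract_root>/<collector>/jasperreports/."""
    results = []
    for reports_dir in sorted(Path(extract_root).glob("*/jasperreports")):
        for path in sorted(reports_dir.iterdir()):
            if path.is_file() and path.suffix.lower() in PLUGIN_EXTENSIONS:
                results.append(inspect_plugin(path))
    return results


if __name__ == "__main__":
    for item in inventory(sys.argv[1] if len(sys.argv) > 1 else "."):
        status = "; ".join(item["problems"]) or "ok"
        print(f'{item["sha256"]}  {item["file"]}  {status}')
```

Run it with the temporary directory from step 1 as its argument and keep the output with the change record for the upload.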

6.4.2 Adding or Uploading a Report

Use the following procedure to add or upload a report:

  1. Log in to Sentinel Log Manager.

  2. In the Reports section.

  3. Click the more drop-down list in the Report Viewer pane and select Upload.

  4. Browse and select the report plug-in .zip, .rpz, or .spz file from your local machine.

  5. Click Open.

  6. Click Upload.

    The new report definition is added to the Report Template list in alphabetical order and can be run immediately, if necessary.

Sentinel Log Manager verifies the unique ID of the report to determine whether an older or identical version of the report already exists in the report repository. If it does, Sentinel Log Manager displays the details of both the reports so that the user can decide whether to cancel the action or replace the existing report with the current report.

If the same report already exists in the report repository, decide based on the unique ID of the report whether to replace the existing report or not.

Sentinel Log Manager displays details of both the reports.