3.2 Configuring Networked Storage Locations

All closed data files are copied from the local storage location to the networked storage location. The original files are retained on Sentinel Log Manager to facilitate faster searches. However, if the Sentinel Log Manager server disk space usage nears a user-defined threshold, duplicate data files are deleted from the Sentinel Log Manager server.

NOTE:While configuring networked storage, ensure that the networked storage location is larger than the local storage to avoid data loss. For more information on data storage requirement estimation, see Data Storage Requirement Estimation in the Sentinel Log Manager 1.2 Installation Guide.

3.2.1 Supported Storage Options

The Novell Sentinel Log Manager supports the following types of storage options:

  • Local Storage or SAN: The local storage or Storage Area Network (SAN) option includes storage that is attached directly to the Sentinel Log Manager machine. This option provides the best combination of performance, security, and reliability.

  • SMB or CIFS: The SMB protocol is also known as CIFS protocol. The latest implementation from Microsoft is referred to as SMB 2.

  • NFS: The NFS protocol requires significant configuration to improve performance and security, and it is recommended only if you already have a well-established NFS infrastructure in your environment.

    If the networked storage is an NFS server, additional configuration is necessary to ensure that the Sentinel Log Manager server has the necessary permissions. See Exporting the Networked Storage Volume for more information.

WARNING:Only one Sentinel Log Manager should be configured to use a particular networked storage directory (remote share). Configuring the same networked storage location across multiple Sentinel Log Manager servers can cause system failure.

3.2.2 Types of Networked Storage

You can enable networked storage on Sentinel Log Manager for both the raw data and event data.

Raw Data Storage

A raw data file can be in the .open state when the data is currently being written, in the .log state when the data is no longer being written to the file but the file is not yet compressed, or in the .zip state when the file is compressed. The file compression process runs every 10 minutes, by default. These compressed files appear in both the local storage and networked storage locations if networked storage is configured and enabled.

If networked storage is configured and enabled, compressed raw data files are copied to the configured networked storage location every 15 minutes.

For more information on raw data storage, see Raw Data Storage.

Event Data Storage

You can enable and configure networked storage for event data stored on the Sentinel Log Manager server.

If networked storage is enabled, the closed files are moved to networked storage every midnight UTC and also whenever the server starts. These files are compressed in the local storage location, but the file indexes are compressed before moving to the networked storage. If the networked storage location is not configured or if there is any problem while moving the closed files, attempts are made every 60 seconds to move the files to networked storage until it succeeds.

3.2.3 Configuring Networked Storage

NOTE:The NFS, SMB or CIFS, and SAN must be configured so that Sentinel Log Manager has read and write permissions.

For CIFS and NFS, if multiple Sentinel Log Manager instances are moving the closed partitions to the same networked storage location, ensure that each Sentinel Log Manager instance has its own unique directory on that networked storage location.

Configuring a SAN/Local Directory as a Networked Storage Location

This is the preferable configuration for the best performance, security, and reliability.

  1. Log in to Sentinel Log Manager as an administrator.

  2. Click the storage link in the upper left corner of the page.

  3. Click the Configuration tab.

    The configuration page is displayed.

  4. From the Data Storage Location section, select SAN (locally mounted) as the networked storage location.

  5. In the Location field, specify the local directory path or the location on which the storage area network (SAN) is mounted.

    The SAN partition you must be manually mounted before the location is specified.

  6. Click Test to check if the write permissions for the specified location are available.

    If the location is configured properly, a message is displayed confirming that the test is successful.

    If the location is not configured, the test fails, the reason for failure is displayed.

  7. Click Save to configure the specified networked storage location.

Configuring an SMB or CIFS Server as a Networked Storage Location

  1. Log in to Sentinel Log Manager as an administrator.

  2. Click the storage link in the upper left corner of the page.

  3. Click the Configuration tab.

  4. In the Data Storage Location section, select CIFS.

  5. Specify the following information

    Server: Specify the IP address or hostname of the machine where the CIFS server, also known as the SMB server is configured.

    Share: Specify the share name of the SMB or CIFS server.The mounted shares are unmounted when the server stops and are mounted again when the server starts. If the configured share unmounts, the Sentinel Log Manager server detects this and mounts it again.

    Username: Specify the username (if one is assigned) to access the share.

    Password: Specify the password (if one is assigned) to access the share.

    Mount Options: Specifies the options that are used while mounting the networked storage location of the SMB or the CIFS server.

    You can also specify a new mount options. For more information about the available NFS mount options, see the mount.cifs (8) - Linux man page.

    The default mount options are file_mode=0660,dir_mode=0770.

  6. (Optional) Click Restore Defaults to restore the default mount options.

  7. Click Test to mount the SMB or CIFS server and to check the write permissions on the server. If the CIFS server is configured properly, a message is displayed that the test is successful.

    If the CIFS server is not configured, the test fails, and the reason for failure is displayed.

  8. Click Save to configure the specified networked storage location.

Configuring an NFS Server as a Networked Storage Location

The NFS protocol requires significant configuration to improve performance and security, and it is recommended only when you already have a well-established NFS infrastructure in your environment.

Exporting the Networked Storage Volume

The NFS server needs to export (share) the networked storage volume to the Sentinel Log Manager server so that the networked storage is readable by the root user on the Sentinel Log Manager server. The settings described in this section indicate one method to achieve this readability:

  • The NFS server must have a user and a group with a UID and a GID that correspond to the novell user and group on the Sentinel Log Manager server.

    In the following examples, the user on the NFS server is novell with UID=5555 and the group is novell with GID=5555. The Sentinel Log Manager server has the hostname log-manager-server, which can be resolved by the NFS server.

  • The networked storage destination directory on the NFS server must be owned by the novell user and group. In the following examples, the networked storage destination is /archive.

  • The root user on the Sentinel Log Manager server must be mapped to the novell user and group on the NFS server.

    • Linux: Add the following line to the /etc/exports file:

      /archive log-manager=server(rw,root_squash,anonuid=5555,anongid=5555)

    • Solaris: Add the following line to the /etc/dfs/dfstab file:

      /usr/bin/share -F nfs -o sec=sys,rw=log-manager-server,anon=5555 -d "/archive” /archive

    • HP-UX: Add the following line to the /etc/exports file:

      archive -access=log-manager-server,anon=5555

You can speed up the archiving process by adding the async option. However, this might increase the risk of lost or corrupt networked storage if the NFS server crashes. The following examples demonstrate using the async option:

  • Linux: Add the following line to the/etc/exports file:

    /archive log-manager=server(rw,root_squash,anonuid=5555,anongid=5555),async

  • HP-UX: Add the following line to the /etc/exports file:

    archive -access=log-manager-server,anon=5555,async

For information on security recommendations for NFS, see Section 2.1.3, Securing Sentinel Log Manager Data.

Configuring NFS as a Networked Storage Location

You must configure networked storage in the Sentinel Log Manager administrator interface as follows:

  1. Log in to Sentinel Log Manager as an administrator.

  2. Click the storage link in the upper left corner of the page.

  3. Click the Configuration tab.

  4. In the Data Storage Location section, select the NFS option.

  5. Specify the following information:

    Server: Specify the IP address or hostname of the machine where the NFS server is configured.

    Share: Specify the share name of the NFS server.

    The mounted shares are unmounted when the server stops and are mounted again when the server starts. If the configured share unmounts, the Sentinel Log Manager server detects this and mounts it again.

    Mount Options: Specifies the options that are used while mounting the networked storage location of the NFS server.

    You can also specify a new mount options. For more information about the available nfs mount options, see NFS (5) Linux Programmer’s Manual.

    The default mount options are soft,proto=tcp,retrans=1,timeo=60.

  6. (Optional) Click Restore Defaults to restore the default mount options.

  7. Click Test to verify the configuration of the NFS server and to check the write permissions on the server. If the NFS server is configured properly, a message is displayed that the test is successful.

    If the NFS server is not configured, the test fails and the reason for failure is displayed.

    This procedures tests a subset of all of the settings that are necessary for the NFS server and client.

  8. Click Save to configure the specified networked storage location.

3.2.4 Enabling or Disabling Networked Storage

The options to enable and disable uncorked storage appear only when the data storage location is configured. However, event search and reporting work even when the data storage is disabled.

  1. Log in to Sentinel Log Manager as an administrator.

  2. Click the storage link in the upper left corner of the page.

  3. Click the Configuration tab.

  4. To enable writing to data storage location, select Enabled.

    You can write both the raw data and event data to the configured networked storage location.To configure the networked storage locations, refer to Configuring Networked Storage.

  5. To disable writing to the data storage location, select Disabled.

    This selection disables the writing of raw data and event data storage.

    You cannot write to the data storage location, but you can still read the stored data. Search shows the events that are stored, and you can also download the stored raw data.

  6. Click Save.

3.2.5 Unmounting a Networked Storage Location

If the networked storage location is unmounted, data storing is disabled and searches and reports results include only the local storage data. The Unmount Networked Storage option appears only if the data storage location is configured.

  1. Log in to Sentinel Log Manager as an administrator.

  2. Click the storage link in the upper left corner of the page.

  3. Click the Configuration tab.

  4. To unmount the data storage location, select Unmount Networked Storage.

    A confirmation message is displayed, asking if you really want to unmount the networked storage.

    If you unmount networked storage, Sentinel Log Manager can no longer access the data in the networked storage. If the networked storage location is configured to a remote location such as NFS or SMB/CIFS, the networked storage location is unmounted.

  5. Click Unmount Networked Storage.

3.2.6 Changing the Networked Storage Location

  1. Log in to Sentinel Log Manager as an administrator.

  2. Click the storage link in the upper left corner of the page.

  3. Click the Configuration tab.

  4. In the Data Storage Location section, select Change Location.The Change Location option is displayed only if the networked storage location is configured.

    A confirmation message is displayed, asking if you want to change the networked storage location.

  5. Click Change Location.

    The following page allows you to configure a new networked storage location.

  6. Select the option to disable data collection.

    You can select this option to avoid filling up the local storage before data is being moved to the new location. If this option is not selected and if the local storage is filled up before the new data storage location is configured, the oldest data is deleted to make space for the incoming data.

  7. Configure the new data storage location.

    For more information about configuring the NIFS or SMB/CIFS or local/SAN networked storage locations, see Configuring Networked Storage.

  8. Click Save to save the changes and configure the new networked storage location.

  9. Manually copy the files from the old networked storage location to the new networked storage location.

  10. After copying the files, select the Copy Done option to start data storage at the new location.

  11. (Optional) Click Cancel to return to the previous networked storage configuration.