11.6 Updating Map Data

Updating allows you to replace the map source data file of a map on the server with another file. Your new map source data file must have the same delimiter, number of columns, and overall structure as the existing map data source file in order for the map to function properly after the update. The new map source data file should differ from the existing file only by the values that appear in the columns. If the new map source data file has a different structure than the existing file, use the Edit feature to update the map definition.

Map updates can be performed on demand from the Sentinel Control Center. To set up an automated process to update map data, you can run an equivalent process from the command line using map_updater.sh.

There are two map locations: the location referenced by the Event Map Configuration (which is a user-defined location) and the location where Sentinel stores its internal representation of the map (/var/opt/novell/sentinel/data/map_data). The internal representation of the map should never be manually updated.

11.6.1 Updating Map Data from the Sentinel Control Center

To update the map data from the Sentinel Control Center:

  1. If you haven’t already done so, create a CSV file containing the new map source data.

    This file can be generated (for example, from a data dump script), created manually, or be an edited version of the existing map data source file. If necessary, you can obtain the existing map data source file from /var/opt/novell/sentinel/data/map_data.

  2. Access a map definition.

    For more information, see Accessing Map Definitions.

  3. Expand the folder of interest and select the mapping, then click Update.

  4. Select the new map data source file by clicking Browse and selecting the file with the new map data.

    After you select the file, the data from the new map data source file displays under the New tab. The map data you are replacing is under the Current tab.

  5. Deselect or leave the default setting for Backup Existing Data On Server.

    Enabling this option puts a backup of the existing map data source file in the /var/opt/novell/sentinel/data/map_data folder. The prefix of the name of the backup map data source file is the name of the existing map data source file. The end of the filename includes a set of random numbers followed by the .bak suffix. For example: vuln_attacks10197.bak.

  6. Click OK.

    The data from the new map data source file is uploaded to the server, replacing the contents of the existing map data source file. After the source data is completely uploaded, the map data is regenerated and distributed to map clients such as Collector Manager.

11.6.2 Updating Map Data by Using the Command Line

  1. If you haven’t already done so, create a file containing the new map source data.

    This file can be generated (for example, from a data dump script), created manually from scratch, or be an edited version of the existing map data source file. If needed, you can obtain the existing map data source file from the following location:

    <install_directory>/data/map_data

  2. Log into the Sentinel database.

  3. Find the UUID for the map in the MD_CONFIG table (refer to the CONFIG_ID column for the appropriate map listed in the VALUE column).

  4. On the Sentinel Server machine, log in as esecadm.

  5. Run the following command:

    map_updater.sh <uuid> <source path> [nobackup]

  6. The data from the new map data source file is uploaded to the server, replacing the contents of the existing map data source file. After the source data is completely uploaded, the map data is regenerated and distributed to map clients (for example, Collector Manager).

Unless the optional -nobackup argument is added, the previous map data is saved in a backup file on the server. The backup of the existing map data source file is placed in the <install_directory>/data/map_data folder. The prefix of the name of the backup map data source file is the name of the existing map data source file. The end of the filename contains a set of random numbers followed by the .bak suffix. For example: vuln_attacks10197.bak.
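
Because an automated update replaces the map source data without the Current/New comparison shown in the Sentinel Control Center, a scheduled job can check that the new file has the same delimiter and number of columns as the existing one before it calls map_updater.sh. The following script is an added example, not part of the Sentinel documentation or product; the function names, file names, and sample rows are hypothetical, and it assumes one record per line, a single-character delimiter, and no quoted fields that contain the delimiter.

```shell
#!/bin/sh
# Added example (not from the Sentinel documentation): pre-flight structure check
# for a replacement map source file. Assumes one record per line, a
# single-character delimiter, and no quoted fields containing the delimiter.

# field_profile FILE DELIM -> prints "min max" field counts over non-empty lines
field_profile() {
    awk -F"$2" 'NF { if (!n++ || NF < min) min = NF; if (NF > max) max = NF }
                END { print min + 0, max + 0 }' "$1"
}

# check_map_update EXISTING NEW DELIM
# 0 = same column count on every row, 1 = structure mismatch, 2 = unreadable file
check_map_update() {
    if [ ! -r "$1" ] || [ ! -r "$2" ]; then
        echo "cannot read map source file" >&2
        return 2
    fi
    expected=$(field_profile "$1" "$3"); expected=${expected#* }
    new=$(field_profile "$2" "$3")
    if [ "$expected" -gt 0 ] && [ "$new" = "$expected $expected" ]; then
        return 0
    fi
    echo "structure mismatch: existing=$expected columns, new min/max=$new" >&2
    return 1
}

# Demo on constructed sample data (hypothetical rows, not real map content).
demo_dir=$(mktemp -d)
printf '10.0.0.5,web01,critical\n10.0.0.9,db02,high\n' > "$demo_dir/existing.csv"
printf '10.0.0.5,web01,low\n10.0.0.7,app03,high\n'     > "$demo_dir/good.csv"
printf '10.0.0.5,web01\n10.0.0.7,app03,high\n'         > "$demo_dir/short_row.csv"
printf '10.0.0.5;web01;low\n'                          > "$demo_dir/wrong_delim.csv"

for f in good short_row wrong_delim; do
    if check_map_update "$demo_dir/existing.csv" "$demo_dir/$f.csv" ','; then
        echo "$f: OK, safe to pass to map_updater.sh <uuid> <source path>"
    else
        echo "$f: rejected, do not upload"
    fi
done
```

A file written with a different delimiter is rejected by the same check, because every row then parses as a single column.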