14.1 Performing Interactive Installation

14.1.1 Sentinel Server Standard Installation

Use the following steps to perform a standard installation:

  1. Download the Sentinel installation file from the Downloads website:

  2. Specify at the command line the following command to extract the installation file.

    tar zxvf <install_filename>

    Replace <install_filename> with the actual name of the install file.

  3. Change to the directory where you extracted the installer:

    cd <directory_name>

  4. Specify the following command to install Sentinel:

    ./install-sentinel

    or

    If you want to install Sentinel on more than one system, you can record your installation options in a file. You can use this file for an unattended Sentinel installation on other systems. To record your installation options, specify the following command:

    ./install-sentinel -r <response_filename>

  5. Specify the number for the language you want to use for the installation, then press Enter.

    The end user license agreement is displayed in the selected language.

  6. Press the Spacebar to read through the license agreement.

  7. Enter yes or y to accept the license and continue with the installation.

    The installation might take a few seconds to load the installation packages and prompt for the configuration type.

  8. When prompted, specify 1 to proceed with the standard configuration.

    Installation proceeds with the default evaluation license key included with the installer. At any time during or after the evaluation period, you can replace the evaluation license with a license key you have purchased.

  9. Specify the password for the administrator user admin.

  10. Confirm the password again.

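    In the standard configuration, this single password is used by all three accounts: admin, dbauser, and appuser. To set a different password for each account, use the custom configuration described in Section 14.1.2.

    The Sentinel installation finishes and the server starts. It might take a few minutes for all services to start after installation because the system performs a one-time initialization. Wait until the installation finishes before you log in to the server.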

To access the Sentinel Main interface, specify the following URL in your web browser:

https://IP_AddressOrDNS_Sentinel_server:8443/sentinel/views/main.html

Where IP_AddressOrDNS_Sentinel_server is the IP address or DNS name of the Sentinel server and 8443 is the default port for the Sentinel server.

14.1.2 Sentinel Server Custom Installation

If you are installing Sentinel with a custom configuration, you can customize your Sentinel installation by specifying your license key, setting a different password, specifying different ports, and so on.

  1. If you want to enable scalable storage, complete the prerequisites specified in Section 13.0, Installing and Setting Up Scalable Storage.

  2. Download the Sentinel installation file from the Downloads website:

  3. Specify at the command line the following command to extract the installation file.

    tar zxvf <install_filename>

    Replace <install_filename> with the actual name of the install file.

  4. Specify the following command in the root of the extracted directory to install Sentinel:

    ./install-sentinel

    or

    If you want to use this custom configuration to install Sentinel on more than one system, you can record your installation options in a file. You can use this file for an unattended Sentinel installation on other systems. To record your installation options, specify the following command:

    ./install-sentinel -r <response_filename>

  5. Specify the number for the language you want to use for the installation, then press Enter.

    The end user license agreement is displayed in the selected language.

  6. Press the Spacebar to read through the license agreement.

  7. Enter yes or y to accept the license agreement and continue with the installation.

    The installation might take a few seconds to load the installation packages and prompt for the configuration type.

  8. Specify 2 to perform a custom configuration of Sentinel.

  9. Enter 1 to use the default evaluation license key

    or

    Enter 2 to enter a purchased license key for Sentinel.

  10. Specify the password for the administrator user admin and confirm the password again.

  11. Specify the password for the database user dbauser and confirm the password again.

    The dbauser account is the identity used by Sentinel to interact with the database. The password you enter here can be used to perform database maintenance tasks, including resetting the admin password if the admin password is forgotten or lost.

  12. Specify the password for the application user appuser and confirm the password again.

  13. Change the port assignments for the Sentinel services by entering the desired number, then specifying the new port number.

  14. After you have changed the ports, specify 7 for done.

  15. Enter 1 to authenticate users using only the internal database.

    or

    If you have configured an LDAP directory in your domain, enter 2 to authenticate users by using LDAP directory authentication.

    The default value is 1.

  16. If you want to enable Sentinel in FIPS 140-2 mode, enter y.

    1. Specify a strong password for the keystore database and confirm the password again.

      NOTE: The password must be at least seven characters long. The password must contain at least three of the following character classes: digits, ASCII lowercase letters, ASCII uppercase letters, ASCII non-alphanumeric characters, and non-ASCII characters.

      If an ASCII uppercase letter is the first character or a digit is the last character, that character is not counted toward the character classes.

    2. If you want to insert external certificates into the keystore database to establish trust, press y and specify the path for the certificate file. Otherwise, press n.

    3. Complete the FIPS 140-2 mode configuration by following the tasks mentioned in Section 24.0, Operating Sentinel in FIPS 140-2 Mode.

  17. If you want to enable scalable storage, enter yes or y to enable scalable storage.

    IMPORTANT: Once you enable scalable storage, you cannot revert the configuration unless you re-install Sentinel.

    1. Specify the IP addresses or hostnames and port numbers of the scalable storage components.

    2. (Conditional) If you want to exit scalable storage configuration and proceed with Sentinel installation, enter no or n.

    3. After the Sentinel installation is done, complete the scalable storage configuration mentioned in the section Post-Installation Configuration for Scalable Storage.

The Sentinel installation finishes and the server starts. It might take a few minutes for all services to start after installation because the system performs a one-time initialization. Wait until the installation finishes before you log in to the server.

To access the Sentinel Main interface, specify the following URL in your web browser:

https://IP_AddressOrDNS_Sentinel_server:8443/sentinel/views/main.html

Where <IP_AddressOrDNS_Sentinel_server> is the IP address or DNS name of the Sentinel server and 8443 is the default port for the Sentinel server.
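The keystore password rule in step 16 is easy to misread, because a leading uppercase letter and a trailing digit do not count toward the three required character classes. The following checker is an added example, not part of the Sentinel installer; the function names are hypothetical, and it assumes the seven-character minimum is measured on the whole password.

```python
def char_class(ch):
    """Map one character to one of the five classes named in the NOTE."""
    if ord(ch) > 127:
        return "non-ASCII"
    if ch.isdigit():
        return "digit"
    if ch.islower():
        return "lowercase"
    if ch.isupper():
        return "uppercase"
    return "ASCII non-alphanumeric"


def counted_classes(password):
    """Return the classes that count toward the rule, after both exclusions."""
    classes = set()
    last = len(password) - 1
    for i, ch in enumerate(password):
        cls = char_class(ch)
        if i == 0 and cls == "uppercase":
            continue  # a leading ASCII uppercase letter is not counted
        if i == last and cls == "digit":
            continue  # a trailing digit is not counted
        classes.add(cls)
    return classes


def keystore_password_problems(password):
    """Return a list of rule violations; an empty list means the password passes."""
    problems = []
    if len(password) < 7:  # assumption: length is measured on the whole password
        problems.append("shorter than seven characters")
    classes = counted_classes(password)
    if len(classes) < 3:
        problems.append("only %d counted character class(es)" % len(classes))
    return problems


if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    for sample in ("Password1", "Passw0rd!", "pa5sWord", "contraseña9"):
        print(repr(sample), keystore_password_problems(sample) or "ok")
```

"Password1" looks like it has three classes but is left with only lowercase letters once the leading "P" and trailing "1" are excluded.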

Post-Installation Configuration for Scalable Storage

  1. Log in to the SSDM server.

  2. Clear your browser cache to view the Sentinel version you installed.

  3. To view events and alerts, add the Elasticsearch node included in SSDM to the Elasticsearch cluster you have set up for scalable storage:

    In the local Elasticsearch node, open the /etc/opt/novell/sentinel/3rdparty/elasticsearch/elasticsearch.yml file and add the following information:

    • cluster.name: <Elasticsearch_cluster_name>

    • node.name: <node_name>

    • discovery.zen.ping.unicast.hosts: ["<FQDN of elasticsearch node1>", "<FQDN of elasticsearch node2>", and so on]

    In all the external Elasticsearch nodes, open /etc/elasticsearch/elasticsearch.yml and update the following setting:

    discovery.zen.ping.unicast.hosts: ["<FQDN of elasticsearch node1>", "<FQDN of elasticsearch node2>", and so on]

    NOTE: Ensure that the values of the parameters in the local elasticsearch.yml file and in the elasticsearch.yml files on the external Elasticsearch nodes are the same, except for network.host and node.name, because these values are unique to each node.

  4. Restart the indexing services using the command:

    rcsentinel stopSIdb
    rcsentinel startSIdb

  5. Complete the scalable storage configuration as mentioned in the following sections:
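The NOTE in step 3 requires every setting except network.host and node.name to match between the local and external elasticsearch.yml files. The following comparison is an added example, not a Sentinel tool; it assumes flat `key: value` settings as shown in step 3, and the two sample files and all names in it are constructed.

```python
NODE_SPECIFIC = {"network.host", "node.name"}  # allowed to differ per node


def parse_settings(text):
    """Parse flat 'key: value' lines; comments and blank lines are skipped."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        key, value = line.split(":", 1)
        # Drop whitespace so ["a", "b"] and ["a","b"] compare as equal.
        settings[key.strip()] = "".join(value.split())
    return settings


def mismatched_settings(local_text, external_text):
    """Return {key: (local_value, external_value)} for settings that must match but do not."""
    local = parse_settings(local_text)
    external = parse_settings(external_text)
    keys = (set(local) | set(external)) - NODE_SPECIFIC
    return {k: (local.get(k), external.get(k))
            for k in sorted(keys) if local.get(k) != external.get(k)}


# Constructed sample contents of the two files.
LOCAL = """\
cluster.name: sentinel-es
node.name: ssdm-node
network.host: 10.0.0.5
discovery.zen.ping.unicast.hosts: ["es1.example.com", "es2.example.com"]
"""
EXTERNAL = """\
cluster.name: sentinel-es-prod   # typo introduced on this node
node.name: es1
network.host: 10.0.0.11
discovery.zen.ping.unicast.hosts: ["es1.example.com","es2.example.com"]
"""

if __name__ == "__main__":
    for key, (a, b) in mismatched_settings(LOCAL, EXTERNAL).items():
        print("%s differs: local=%s external=%s" % (key, a, b))
```

A setting that is present in only one of the files is reported with None on the other side.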

14.1.3 Collector Manager and Correlation Engine Installation

By default, Sentinel installs a Collector Manager and a Correlation Engine. For production environments, set up a distributed deployment because it isolates data collection components on a separate machine, which is important for handling spikes and other anomalies with maximum system stability. For information about the advantages of installing additional components, see Advantages of Distributed Deployments.

IMPORTANT: You must install the additional Collector Manager or the Correlation Engine on separate systems. The Collector Manager or the Correlation Engine must not be on the same system where the Sentinel server is installed.

Installation Checklist: Ensure that you have completed the following tasks before starting the installation.

  • Make sure that your hardware and software meet the minimum requirements. For more information, see Section 5.0, Meeting System Requirements.

  • Synchronize time by using the Network Time Protocol (NTP).

  • A Collector Manager requires network connectivity to the message bus port (61616) on the Sentinel server. Before you start installing the Collector Manager, make sure that all firewall and network settings are allowed to communicate over this port.

To install the Collector Manager and the Correlation Engine, use the following steps:

  1. Launch the Sentinel Main interface by specifying the following URL in your web browser:

    https://IP_AddressOrDNS_Sentinel_server:8443/sentinel/views/main.html

    Where <IP_AddressOrDNS_Sentinel_server> is the IP address or DNS name of the Sentinel server and 8443 is the default port for the Sentinel server.

    Log in with the username and password specified during the installation of the Sentinel server.

  2. In the toolbar, click Downloads.

  3. Click Download Installer under the required installation.

  4. Click Save File to save the installer to the desired location.

  5. Specify the following command to extract the installation file.

    tar zxvf <install_filename>

    Replace <install_filename> with the actual name of the install file.

  6. Change to the directory where you extracted the installer.

  7. Specify the following command to install the Collector Manager or the Correlation Engine:

    For Collector Manager:

    ./install-cm

    For Correlation Engine:

    ./install-ce

    or

    If you want to install the Collector Manager or the Correlation Engine on more than one system, you can record your installation options in a file. You can use this file for an unattended installation on other systems. To record your installation options, specify the following command:

    For Collector Manager:

    ./install-cm -r <response_filename>

    For Correlation Engine:

    ./install-ce -r <response_filename>

  8. Specify the number for the language you want to use for the installation.

    The end user license agreement is displayed in the selected language.

  9. Press the Spacebar to read through the license agreement.

  10. Enter yes or y to accept the license agreement and continue with the installation.

    The installation might take a few seconds to load the installation packages and prompt for the configuration type.

  11. When prompted, specify the appropriate option to proceed with the Standard or Custom configuration.

  12. Enter the default Communication Server Hostname or IP Address of the machine on which Sentinel is installed.

  13. (Conditional) If you chose Custom configuration, specify the following:

    1. Sentinel server communication channel port number.

    2. Sentinel Web server port number.

  14. When prompted to accept the certificate, run the following command in the Sentinel server to verify the certificate:

    For FIPS mode:

    /opt/novell/sentinel/jdk/jre/bin/keytool -list -keystore /etc/opt/novell/sentinel/config/.activemqkeystore.jks

    For Non-FIPS mode:

    /opt/novell/sentinel/jdk/jre/bin/keytool -list -keystore /etc/opt/novell/sentinel/config/nonfips_backup/.activemqkeystore.jks

    Compare the certificate output with the Sentinel server certificate displayed in Step 12.

    NOTE: If the certificate does not match, the installation stops. Run the installation setup again and check the certificates.

  15. Accept the certificate if the certificate output matches the Sentinel server certificate.

  16. Specify credentials of any user in Administrator role. Enter the user name and the password.

  17. (Conditional) If you chose Custom configuration, enter yes or y to enable FIPS 140-2 mode in Sentinel and continue with the FIPS configuration.

  18. (Conditional) If your environment uses multi-factor or strong authentication, you must provide the Sentinel client ID and Sentinel client secret. For more information about authentication methods, see Authentication Methods in the Sentinel Administrator Guide.

    To retrieve the Sentinel client ID and Sentinel client secret, go to the following URL:

    https://Hostname:port/SentinelAuthServices/oauth/clients

    Where:

    • Hostname is the host name of the Sentinel server.

    • Port is the port Sentinel uses (typically 8443).

    The specified URL uses your current Sentinel session to retrieve the Sentinel client ID and Sentinel client secret.

  19. (Conditional) If you have enabled Event Visualization, you must add the Collector Manager to the Elasticsearch whitelist. For more information, see Providing Access to Elasticsearch Clients by Using Whitelist.

  20. Continue with the installation as prompted until the installation is complete.
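Comparing certificate fingerprints by eye in step 14 is error-prone, so the comparison can be done mechanically. The following helper is an added example, not part of Sentinel; it assumes the value shown at the installer prompt is a hex fingerprint, the function names are hypothetical, and the keytool listing below is constructed sample output.

```python
import re

# Matches the fingerprint line that "keytool -list" prints for each entry.
FP_LINE = re.compile(r"Certificate fingerprint \(([^)]+)\):\s*([0-9A-Fa-f:]+)")


def normalize(fingerprint):
    """Strip colons and spaces, upper-case, and reject anything that is not hex."""
    hexdigits = re.sub(r"[:\s]", "", fingerprint).upper()
    if not re.fullmatch(r"[0-9A-F]+", hexdigits) or len(hexdigits) % 2:
        raise ValueError("not a hex fingerprint: %r" % fingerprint)
    return hexdigits


def keystore_fingerprints(keytool_output):
    """Return [(algorithm, normalized_fingerprint)] for every entry listed."""
    return [(alg, normalize(fp)) for alg, fp in FP_LINE.findall(keytool_output)]


def certificate_matches(displayed, keytool_output):
    """True only if the displayed fingerprint equals one in the keystore listing."""
    wanted = normalize(displayed)
    return any(fp == wanted for _, fp in keystore_fingerprints(keytool_output))


# Constructed sample of "keytool -list" output from the Sentinel server.
SAMPLE_KEYTOOL_OUTPUT = """\
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

broker, Mar 3, 2020, PrivateKeyEntry,
Certificate fingerprint (SHA1): 3A:1F:9C:04:5E:77:B2:D0:68:AA:13:F4:0B:C6:29:85:E1:7D:90:4C
"""

if __name__ == "__main__":
    # Constructed value standing in for what the installer prompt displays.
    shown = "3a:1f:9c:04:5e:77:b2:d0:68:aa:13:f4:0b:c6:29:85:e1:7d:90:4c"
    print("accept" if certificate_matches(shown, SAMPLE_KEYTOOL_OUTPUT) else "do not accept")
```

Paste the keytool output and the displayed value as text; a value containing anything other than hex digits, colons, or spaces raises ValueError rather than being silently trimmed.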