7.8 Updating Map Data

Updating allows you to replace the map source data file of a map on the server with another file. Your new map source data file must have the same delimiter, number of columns, and overall structure as the existing map data source file in order for the map to function properly after the update. The new map source data file should differ from the existing file only by the values that appear in the columns. If the new map source data file has a different structure than the existing file, use the Edit feature to update the map definition.

Map updates can be performed on demand from the Sentinel Control Center. To set up an automated process to update map data, you can run an equivalent process from the command line using map_updater.sh.

There are two map locations: the location referenced by the Event Map Configuration (which is a user-defined location) and the location where Sentinel stores its internal representation of the map (/var/opt/novell/sentinel/data/map_data). The internal representation of the map should never be manually updated.

To update the map data from the Sentinel Control Center:

  1. If you haven’t already done so, create a CSV file containing the new map source data.

    This file can be generated (for example, from a data dump script), created manually, or be an edited version of the existing map data source file. If necessary, you can obtain the existing map data source file from /var/opt/novell/sentinel/data/map_data.

  2. Access a map definition.

    For more information, see Section 7.3, Accessing Map Definitions.

  3. Expand the folder of interest and select the mapping, then click Update.

  4. Select the new map data source file by clicking Browse and selecting the file with the new map data.

    After you select the file, the data from the new map data source file displays under the New tab. The map data you are replacing is under the Current tab.

  5. Deselect or leave the default setting for Backup Existing Data On Server.

    Enabling this option puts a backup of the existing map data source file in the /var/opt/novell/sentinel/data/map_data folder. The prefix of the name of the backup map data source file is the name of the existing map data source file. The end of the filename includes a set of random numbers followed by the .bak suffix. For example: vuln_attacks10197.bak.

  6. Click OK.

    The data from the new map data source file is uploaded to the server, replacing the contents of the existing map data source file. After the source data is completely uploaded, the map data is regenerated and distributed to map clients such as, Collector Manager.