11.4 Adding Report Definitions

Reports in Sentinel are designed as plug-ins (.zip or .rpz files that include the report definition in addition to the metadata and resources used by the report). New or updated reports can be uploaded into Sentinel by users in the Manage Reports role.

The primary sources for new or updated reports are:

New or modified reports can include additional database fields that are not presented in the Sentinel interface. They must adhere to the file and format requirements of the report plug-ins. For more information about database fields and file and format requirements for report plug-ins, see the Sentinel SDK Web site.

11.4.1 Extracting Reports from Collector Packs

Collector Packs contain the event source setup instructions, associated scripts, utilities, and the Sentinel reports specific to the data of the associated Collector. The Collector Pack Extractor utility allows you to extract the Collector Packs. You can use the instructions and scripts to configure the associated event sources. The reports that are extracted from the new Collector can be uploaded to Sentinel. These Collector Packs are available on the Sentinel Plug-ins Web site.

To extract the reports from the Collector Packs:

  1. Copy the Collector Packs from which you want to extract the event source setup instructions, associated scripts and utilities, and Sentinel reports to a temporary directory.

  2. Download the Collector Pack Extractor from the Sentinel Plug-ins Web site. It is available under the Utilities tab.

  3. Copy the cpextractor.jar file to the directory where you copied the Collector Packs.

  4. Execute the jar file in one of the following ways, depending on your operating system:

    • On Windows: Double-click the jar file (if the Java environment is properly configured).

    • On Linux: Run the java -jar cpextractor.jar command.

    For each Collector Pack, a new directory is created with the same base name as the Collector. The newly created directory contains the following:

    • jasperreports: A subdirectory that contains all the extracted Sentinel reports.

    • instructions.txt: (Optional) A text file with the required instructions to configure the event source.

    This directory can also contain additional files required for the event source configuration.

  5. To proceed with event source configuration, follow the instructions provided in Configuring Data Collection for Other Event Sources in the NetIQ Sentinel 7.0.1 Administration Guide.

  6. For any additional steps required to configure the event source, follow the steps given in the instructions.txt file.
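An added example (not part of the Sentinel documentation or tooling): a Python check that inventories one directory produced by the Collector Pack Extractor before its reports are uploaded, recording a SHA-256 for each .zip or .rpz report plug-in and holding back files that are not readable archives or whose entry names point outside the archive. It assumes report plug-ins are ZIP containers; the Collector name, file names and entry names in the sample are constructed.

```python
import hashlib
import tempfile
import zipfile
from pathlib import Path, PurePosixPath

PLUGIN_SUFFIXES = {".zip", ".rpz"}  # report plug-in extensions named on this page

def unsafe_entries(names):
    """Return entry names that are absolute or climb out of the archive via '..'."""
    paths = [(n, PurePosixPath(n.replace("\\", "/"))) for n in names]
    return [n for n, p in paths if p.is_absolute() or ".." in p.parts]

def inventory_pack(pack_dir):
    """Inventory one directory created by the Collector Pack Extractor."""
    pack_dir = Path(pack_dir)
    rdir = pack_dir / "jasperreports"  # subdirectory holding the extracted reports
    reports = []
    for f in sorted(rdir.rglob("*")) if rdir.is_dir() else []:
        if not f.is_file() or f.suffix.lower() not in PLUGIN_SUFFIXES:
            continue
        entry = {"file": f.name, "unsafe": [],
                 "sha256": hashlib.sha256(f.read_bytes()).hexdigest(),
                 "valid_archive": zipfile.is_zipfile(f)}  # assumption: ZIP container
        if entry["valid_archive"]:
            with zipfile.ZipFile(f) as z:
                entry["unsafe"] = unsafe_entries(z.namelist())
        reports.append(entry)
    return {"pack": pack_dir.name, "reports": reports,
            "has_instructions": (pack_dir / "instructions.txt").is_file()}

def build_sample(root):
    """Constructed sample that mimics the extractor's output layout (not real data)."""
    pack = Path(root) / "ExampleCollector"  # hypothetical Collector name
    (pack / "jasperreports").mkdir(parents=True)
    (pack / "instructions.txt").write_text("constructed sample\n")
    with zipfile.ZipFile(pack / "jasperreports" / "good.rpz", "w") as z:
        z.writestr("report.jrxml", "<jasperReport/>")  # hypothetical entry name
    with zipfile.ZipFile(pack / "jasperreports" / "bad.zip", "w") as z:
        z.writestr("../outside.txt", "constructed")  # entry that leaves the archive
    (pack / "jasperreports" / "broken.rpz").write_bytes(b"not a zip")
    return pack

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for r in inventory_pack(build_sample(tmp))["reports"]:
            verdict = "OK  " if r["valid_archive"] and not r["unsafe"] else "HOLD"
            print(verdict, r["file"], r["sha256"][:16], r["unsafe"])
```

Keeping the recorded hashes with the change record lets you confirm later that the file uploaded is the file that was extracted.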

11.4.2 Adding or Uploading a Report

  1. Log in to the Sentinel Web interface.

  2. In the Reports panel, click More, then select Upload.

  3. Browse and select the report plug-in .zip or .rpz file from your local machine.

    NOTE: You must first add the appropriate Report Data Definition (.rdz) file before you add the desired report plug-in.

  4. Click Open, then click Upload.

    The new report definition is added to the Report Template list in alphabetical order and can be run immediately, if necessary.

Sentinel verifies the unique ID of the report to determine whether an older or identical version of the report already exists in the report repository. If it does, Sentinel displays the details of both reports so that the user can decide whether to cancel the action or replace the existing report with the current report.

If the same report already exists in the report repository, use the unique ID of the report to decide whether to replace the existing report.

Sentinel displays details of both the reports.