NetIQ Sentinel 7.0.1, previously called Novell Sentinel, includes new features, improves usability, and resolves several previous issues. Many of these improvements were made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure our products meet all your needs. You can post feedback in the Sentinel Community Support Forums, our community Web site that also includes product notifications, blogs, and product user groups.
The following sections outline the key features and functions provided by this version of Sentinel.
Sentinel provides an Operational EPS graph that displays the average EPS rate before applying filters at the event source, Connector, or Collector level. This allows you to determine whether the EPS rate is as expected and in compliance with the license. You can also generate reports to analyze the EPS rate over a specified time period and from specific Sentinel servers in your organization. For more information, see NetIQ Sentinel 7.0.1 Administration Guide.
The size of the InitiatorServiceName (sp) and TargetServiceName (dp) fields is increased from 32 to 256 characters. If you have created a Data Sync policy in Sentinel 7.0 that synchronizes either or both of these event fields, you need to modify the target column size in the external database table to reflect the increased size of the fields. For more information about Data Sync, see NetIQ Sentinel 7.0.1 Administration Guide.
Sentinel 7.0.1 includes the following security improvements:
Fixes the directory traversal vulnerability CVE-2011-5028. Users authenticated to the Sentinel Web interface no longer have access to files on the server.
The Java Runtime Environment (JRE) is upgraded to version 1.6.0_30.
MongoDB is upgraded to version 2.0.2.
Sentinel 7.0.1 includes the following software fixes and enhancements that improve the functionality and usability of the product:
NOTE: For the list of software fixes and enhancements in Sentinel 7.0, see the Sentinel 7.0 Release Notes.
Issue: When you rename a role in the Sentinel Web interface, Sentinel does not update the name in the Roles list. (BUG 712723)
Fix: Sentinel now updates the role when you rename it.
Issue: When the event count range is between 1000000 and 1100000, the total event count value is not correct. For example, if the event count is approximately 1071110, the total event count shows 1.7M. (BUG 710747)
Fix: The Security Intelligence dashboard now summarizes the total event count properly.
Issue: When a Sentinel server searches or forwards a correlation event to another Sentinel server, the associated link is enabled in the Correlation Events page even though there are no triggers to display. (BUG 719301)
Fix: The link does not show up in the interface when you search or forward correlation events to other Sentinel servers.
Issue: The drop-down list in the Action Manager Window includes temporary user names created by the system for job processes, such as a distributed search. (BUG 723189)
Fix: The drop-down list now excludes temporary user names created by the system.
Issue: The clean_db.sh script does not accept localized values when you run the script in Traditional Chinese, Brazilian Portuguese, and French languages. (BUG 723905)
Fix: The script now accepts values in the language in which the script is running.
Issue: When you create a baseline from a category view, Sentinel generates an error message and does not return to the main dashboard page when you click the associated link. (BUG 722118)
Fix: Sentinel displays the newly created baseline data without errors.
Issue: When the local storage is 100% full and you shut down the Sentinel server, Sentinel logs the IllegalStateException message continuously in the server logs and some services do not shut down in the backend. (BUG 739831)
Fix: The Sentinel services shut down successfully and exceptions are not logged continuously.
Issue: When the total number of incident events exceeds 2000 and you run any incident-based report, the report does not run and Sentinel logs exceptions in the server logs. (BUG 724586)
Fix: Incident-based reports run successfully regardless of the number of incident events.
Issue: When the installer files are in the root directory and you install the Sentinel server, Collector Manager, or Correlation Engine as a non-root user, the installation fails. (BUG 744215)
Fix: The installer script displays a message that indicates installation files must be placed in a directory owned by the non-root user.
Issue: When you log in with a different case than defined while creating the user account, you cannot create or view dashboards. For example, if you created the user name "admin" and log in to Sentinel as "Admin," the link is not available. When you select existing dashboards, an error is displayed. (BUG 734495)
Fix: Sentinel allows you to create security intelligence dashboards regardless of the password case used to log in.
Issue: When you install Sentinel in a non-default location on RHEL systems, the installation stops after you accept the license agreement. (BUG 723588)
Fix: Installation completes successfully in non-default locations.
Issue: In Internet Explorer 8, when you select the drop-down list in the Correlation interface, it takes several minutes to display the list. (BUG 704962)
Fix: This release of Sentinel improves the performance time when accessing the list.
Issue: When there is a large number of event sources, periodic creation and updating of raw data files in the database for each event source impacts the overall system performance. (BUG 697326)
Fix: This release of Sentinel provides performance improvements that prevent raw data file processing from impacting the system performance.
You can upgrade to Sentinel 7.0.1 from Sentinel 7.0 or perform a new installation.
For more information about system requirements, see NetIQ Sentinel 7.0.1 Installation and Configuration Guide.
To install Sentinel 7.0.1, see the NetIQ Sentinel 7.0.1 Installation and Configuration Guide.
Along with the Sentinel installation, install the supportutils RPMs as a root user on SLES systems to enable configuration information and log file retrieval for future troubleshooting. These steps are performed automatically on appliance installations of Sentinel. To install the supportutils RPMs, issue the following command:
rpm -Uvh supportutils*
To upgrade Sentinel 7.0 to Sentinel 7.0.1, see NetIQ Sentinel 7.0.1 Installation and Configuration Guide.
After upgrading from Sentinel 7.0 to Sentinel 7.0.1, perform the following post-upgrade procedures when applicable for your environment.
If you installed Sentinel in a non-default location, you must run the following commands as the novell user:
where $RPM_INSTALLATION_PREFIX is the location of the Sentinel installation.
Manually update the Sentinel Core Solution Pack provided with Sentinel 7.0.1. For instructions on manually upgrading the solution pack, see the Sentinel Core Solution Pack documentation.
NetIQ Corporation strives to ensure our products provide quality solutions for your enterprise software needs. The following issues are currently being researched. If you need further assistance with any issue, contact Technical Support.
Issue: After you upgrade the server to Sentinel 7.0.1, the URLs in the menu might not launch the relevant Web sites. This happens if the .novell\sentinel\config\SentinelPreferences.properties file was already saved in the browser location before the upgrade. (BUG 748898)
Workaround: Delete the SentinelPreferences.properties file and relaunch Sentinel Control Center. Sentinel downloads the latest SentinelPreferences.properties file.
The file is located in the following directory:
Windows: C:\Documents and Settings\<user>\.novell\sentinel\config\SentinelPreferences.properties
Issue: In Sentinel 7.0.1, after the trial license is expired, when you log in or log out of the Web interface, Sentinel displays the error 403 REST. (BUG 746400)
Workaround: Ignore the error message.
Issue: If you specified a $ character in the password, Sentinel stores the password differently in the database depending on where the $ is placed in the password. If the password starts with the $ special character, Sentinel stores the password with a file name. If the $ character is somewhere in the middle of the password, Sentinel truncates the password to the location of the $ character. (BUG 734500)
Workaround: The actual password is stored in the home/novell/.pgpass file. Obtain the password from this file and then log in to Sentinel. For example, if you specified the password as abc$123, Sentinel stores the password as abc in the .pgpass file. You can log in to Sentinel by specifying abc as the password.
Issue: If you change an event field name in the Sentinel Control Center, the change is not reflected in the Sentinel Web interface Filter builder. (BUG 696398)
Workaround: Refresh the Web browser and the change is then displayed in the Sentinel Web interface.
Issue: If you select multiple events in the Sentinel Web interface and select the Target/ping or Initiator/ping action, Sentinel displays the action output for the first event only. (BUG 698767)
Workaround: There is no solution at this time.
Issue: When you have at least one role containing an asterisk (*) in the name, you cannot use ‘*’ as a wild card when searching filters with Share with roles selected from the Sentinel Web interface. (BUG 710004)
Workaround: To use ‘*’ as a wild card when searching filters, rename roles that contain an asterisk.
Issue: Accessing the Sentinel REST API documentation from a browser bookmark returns an error. (BUG 719708)
Workaround: Access the Sentinel REST API documentation directly from the Sentinel Web interface menu.
Issue: Solution Manager does not install correlation rules when a correlation rule with an identical name already exists on the system. A NullPointerException error is logged in the console. (BUG 713962)
Workaround: Ensure all correlation rules have a unique name.
Issue: When you execute a Sentinel Link action from the Web interface, Sentinel displays a success message even when the Sentinel Link Connector integrator test failed from the Sentinel Control Center. (BUG 710305)
Workaround: There is no solution at this time.
Issue: When the appuser password contains any of the following special characters, the iTrac feature does not work properly: ‘+’, ‘\’, ‘#’, or ‘,’. The administrator user password provided during a standard configuration installation is used by the admin, dbuser, and appuser. (BUG 717679)
Workaround: Ensure the appuser password does not contain ‘+’, ‘\’, ‘#’, or ‘,’.
Issue: When a Security Intelligence dashboard and an anomaly definition have identical names, the dashboard link is disabled on the Anomaly Details page. (BUG 715986)
Workaround: Ensure you use unique names when creating dashboards and anomaly definitions.
Issue: The Sentinel Web interface displays negative numbers in the Active Search Job Duration and Accessed columns when the Sentinel Web interface computer clock is behind the Sentinel server clock. For example, the Duration and Accessed columns display negative numbers when the Sentinel Web interface clock is set to 1:30 PM and the Sentinel server clock is set to 2:30 PM. (BUG 719875)
Workaround: Ensure the time on the computer you use to access the Sentinel Web interface is the same as or later than the time on the Sentinel server computer.
Issue: Connections to remote Collector Managers drop and are then re-established minutes later. (BUG 719244)
Workaround: For information on assessing your environment and determining how to handle the number of events generated, see Novell Technical Information Document (TID)# 7009554 “Sentinel 7.0 Performance Monitoring.”
Issue: After you upgrade a Connector, Sentinel might not display the latest Connector details in the Plug-in Details window. (BUG 713147)
Workaround: Refresh the ESM user interface by clicking in the ESM toolbar to update the Connector details.
Issue: When you use forwarded ports, such as 80 or 443, or destination network-address-translation, baseline and trending do not function properly in the Security Intelligence dashboard. (BUG 694732)
Workaround: Append the default port number to the URL when accessing Sentinel baselining in the following instances:
Sentinel has been configured to listen on the default port, 443.
Sentinel is listening on a non-default port but port forwarding is enabled, which routes traffic from the default port to the port on which Sentinel is listening.
Issue: Sorting of localized strings does not work correctly in certain languages. If a localized language uses non-ASCII characters or characters with diacritical marks, the sorting of strings in these languages does not work. (BUG 695468)
Workaround: There is no solution at this time.
Issue: When you filter on the new or old name of a renamed anomaly, the message Showing X of Y total anomalies uses the total anomaly count of both the old and new name for X. The message should use the number of anomalies matching the name for which you filtered. (BUG 724574)
Workaround: There is no solution at this time.
Issue: When installing the appliance on hardware with Extensible Firmware Interface (EFI), the installation fails.
Workaround: Disable all EFI features in the BIOS Setup. (BUG 754769)
Issue: The upgrade does not proceed if symbolic links are used for the following folders and subfolders:
opt/novell (Base folder)
etc/opt/novell (Configuration folder)
var/opt/novell (Data folder)
Workaround: Remove symbolic links to these folders and ensure they are in the standard release directories. (BUG 701778)
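A pre-upgrade check for the symbolic-link issue above, as an added example that is not part of the Sentinel product or its documentation. It assumes the three listed folders are absolute paths under the file system root; the function name find_symlinked_dirs and the optional root argument are hypothetical.

```shell
#!/bin/sh
# Added example: report symlinked directories that would block the upgrade
# (BUG 701778). Assumption: the folders named in the release notes live
# directly under "/" (opt/novell, etc/opt/novell, var/opt/novell).
# Usage after sourcing this file:  find_symlinked_dirs /

SENTINEL_DIRS="opt/novell etc/opt/novell var/opt/novell"

# Print every symlinked directory among the Sentinel folders and their
# subfolders below root $1 (default "/").
# Returns 0 when none are found, 1 when at least one is found.
find_symlinked_dirs() {
    root="${1:-/}"
    found=0
    for rel in $SENTINEL_DIRS; do
        dir="${root%/}/$rel"
        # Case 1: the base, configuration or data folder is itself a link.
        if [ -L "$dir" ]; then
            echo "$dir -> $(readlink "$dir")"
            found=1
            continue            # do not descend through the link
        fi
        [ -d "$dir" ] || continue
        # Case 2: a subfolder is a link. find does not follow links by
        # default; "test -d" keeps only links that resolve to a directory,
        # so links to regular files are not reported.
        links=$(find "$dir" -type l -exec test -d {} \; -print)
        if [ -n "$links" ]; then
            echo "$links"
            found=1
        fi
    done
    return "$found"
}
```

A non-zero return means at least one folder must be moved back to its standard location before the upgrade is started.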
The online product documentation is available at the Sentinel 7.0 documentation Web site.
NetIQ Corporation (“NetIQ”) makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, NetIQ reserves the right to revise this publication and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes.
NetIQ makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, NetIQ reserves the right to make changes to any and all parts of the software, at any time, without any obligation to notify any person or entity of such changes.
Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classification to export, re-export, or import deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in the U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical biological weaponry end uses. NetIQ assumes no responsibility for your failure to obtain any necessary export approvals.
Copyright © 2012 NetIQ Corporation. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the publisher.
All third-party trademarks are the property of their respective owners.
For more information, please contact NetIQ at: