NetIQ Sentinel Log Manager

Version 1.2.1

Release Notes

Date Published: January 2013

 
 

 

Sentinel Log Manager 1.2.1 improves usability and resolves several previous issues. Many of these improvements were made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure our products meet all your needs. You can post feedback in the Sentinel Community Support Forums, our community Web site that also includes product notifications, blogs, and product user groups.

For more information about this release and for the latest release notes, see the Sentinel Log Manager Documentation Web site. To download this product, see the Novell Downloads Web site.

What's New?

The following sections outline the key features and functions as well as issues resolved in this release:

Operating System Support

Sentinel Log Manager 1.2.1 supports the SUSE Linux Enterprise Server (SLES) 11 Service Pack 2 (64-bit) platform.

Plug-Ins Upgrade

Sentinel Log Manager 1.2.1 includes new and updated versions of Sentinel plug-ins. The latest version of the Collectors and Connectors are available only when you perform a new installation. The latest versions of Integrators and Actions are available in both new and upgrade installations. For upgrade installations of Sentinel Log Manager 1.2.1, you can visit the Sentinel Plug-ins Web site, review the revision history of the latest Collectors and Connectors in the specific documentation, and then determine whether to download and install the latest plug-ins.

Collectors

This Service Pack provides new and updated versions of the following Collectors in new installations of Sentinel Log Manager 1.2.1:

  • Attachmate Luminet 2011.1r1 - New Collector.
  • Cisco Secure Access Control Server 6.1r2
  • HP HP_UX 2011.1r1
  • IBM AIX 6.1r3
  • Juniper Netscreen Series 2011.1r1
  • Microsoft Active Directory and Windows 2011.1r2
  • NetIQ Access Manager 2011.1r1
  • Novell Identity Manager 6.1r7
  • SonicWALL Firewall 2011.1r1
  • Websense Web Security 2011.1r1

Connectors

This Service Pack provides updated versions of the following Connectors in new installations of Sentinel Log Manager 1.2.1:

  • NetIQ Audit Connector 2011.1r1
  • SNMP Connector 2011.1r1
  • Database Connector 2011.1r2
  • Sentinel Link Connector 2011.1r2
  • Syslog Connector 2011.1r1

Integrators

This Service Pack provides updated versions of the following Integrators in both new and upgrade installations of Sentinel Log Manager 1.2.1:

  • Sentinel Link Integrator 2011.1r2
  • SMTP Integrator 2011.1r1
  • SNMP Integrator 2011.1r2

Actions

This Service Pack provides updated versions of the following Actions in both new and upgrade installations of Sentinel Log Manager 1.2.1:

  • Event Forwarder Action 2011.1r1
  • Send E-Mail 2011.1r2
  • Sentinel Link Action 2011.1r2

Enhancements

Security Improvements

Sentinel Log Manager 1.2.1 upgrades the following components to protect the system against security vulnerabilities:

  • Java Runtime Environment: from version 1.6.0_27 to version 1.7.0_09
  • Apache Tomcat version: from version 6.0.32 to version 6.0.35
  • ActiveMQ: from version 5.3.2 to 5.4.3
  • PostgreSQL: from version 8.3.12 to version 8.3.21

Ability to Configure the Number of Processors for mksqaushfs

Sentinel Log Manager 1.2.1 includes a new property, mksquashfs.numprocessors, that allows you to specify the number of processors for mksquashfs to use when compressing the index on the event data. This capability enables you to make better use of additional CPUs that may be available on some systems. You can set this configuration in the /etc/opt/novell/sentinel/config/configuration.properties file. (BUG 774459)

Software Fixes

Sentinel Log Manager 1.2.1 provides software fixes for the following issues. For the list of software fixes and enhancements in previous releases, see the Sentinel Log Manager Documentation Web site.

Certain System Activities Take Longer to Complete

Issue:

Sentinel partition management tasks, such as closing partitions, archiving partitions, and deleting expired partitions, run on a scheduled basis. Some of these management tasks might take some time to complete. Other unrelated administrative tasks and critical core functions sometimes wait for these long-running partition management tasks to complete. These unnecessary dependencies cause certain system activities to slow down or even halt. (BUG 773962)

Fix:

Sentinel Log Manager 1.2.1 removes these dependencies and improves the overall system performance and responsiveness.

Some Events do not have the Event Source Name

Issue:

When Sentinel Log Manager moves events to network storage and if the event source name is missing for an event in the raw data file, Sentinel Log Manager logs the Saving object RawDataFileInfo but attribute EventSourceName is required and null error in server logs. (BUG 791617)

Fix:

Sentinel Log Manager now assigns the event source ID as the event source name for events that do not have a name.

Cannot log in to the Web Interface When the System has Run Out of Local Disk Storage Space

Issue:

If you log in to the Web interface when the system has run out of local disk storage space, Sentinel Log Manager displays the Invalid username/password message and logs the LockObtainFailedException exception in the server and server_wrapper logs. (BUG 732226)

Fix:

Sentinel Log Manager now displays a warning when the system runs out of local disk storage space and also logs a system audit event. You must configure the local disk storage space per the hardware specifications. For more information, see "Hardware Requirements" in the NetIQ Sentinel Log Manager Installation Guide.

Sentinel Log Manager Logs Exceptions When Dealing with Large Amounts of Data

Issue:

Sentinel Log Manager logs the java.lang.NumberFormatException exception constantly when dealing with large amounts of data. (BUG 778527)

Fix:

Sentinel Log Manager now handles large amounts of data without logging exceptions.

Sentinel Log Manager Creates Two Different Database Entries for the Same Raw Data File

Issue:

A race condition in Sentinel Log Manager causes it to create two different entries in the database for the same raw data file, which might result in corrupt raw data zip files and incorrect checksums. (BUG 777267)

Fix:

This Service Pack fixes the race condition so that Sentinel Log Manager creates only one entry in the database for any given raw data file.

Data Storage Graphs Fail in German Language Systems

Issue:

Sentinel Log Manager accepts date only in the dd/mm/yy format. In German language systems, the date format is dd.mm.yy, which results in errors when you view the data storage graphs.(BUG 768213)

Fix:

Sentinel Log Manager now accepts all date formats and displays the data storage graphs as expected.

Unable to Handle Large Numbers of Event Sources

Issue:

Sentinel Log Manager runs out of memory when there are more than 2000 event sources, regardless of the event rate. (BUG 765778)

Fix:

This Service Pack improves the overall system performance. Sentinel Log Manger now handles more than 2000 event sources effectively.

Sentinel Log Manager does not Clean Up the Temporary Files Folder Periodically

Issue:

Sentinel Log Manager fills up the /opt/novell/sentinel_log_mgr/3rdparty/tomcat/temp/restservices.esec-tmp-mgr-<number>.tmp folder and populates the /tmp/esec-tmp-mgr-<number>.tmp folder every time you run a distributed search or a distributed report. Sentinel Log Manager deletes these temporary files whenever you restart the server. If the server is run for a longer duration without a restart, the temporary files accumulate over time and consume system memory. (BUG 740313)

Fix:

Sentinel Log Manager now deletes temporary files older than 72 hours (3 days) regardless of the server restart. To customize the temporary files retention period, add the following property in the /etc/opt/novell/sentinel/config/configuration.properties file:

tempFileManager.cleanupTask.retentionPeriod=<"time_in_hours">

Cannot Recreate User Accounts After Restoring Backup Data

Issue:

When you create user accounts after a data backup and then restore the data, the newly created user accounts do not appear in the Users list, which is expected because the user accounts were created after the data backup. However, when you recreate the same user accounts after the data restore, Sentinel Log Manager does not create the user account and displays the following error:

SEN-30005:: A database user with the name: <"user_name"> already exists. Please use a different user name."

The backup and restore utility does not clear some of the newly added user data in the database, which results in the error. (BUG 755500)

Fix:

The backup and restore utility now clears the user data added to the database after the data backup and therefore allows you to recreate user accounts.

Sentinel Log Manager Supports Weak and Medium Strength Ciphers

Issue:

Sentinel Log Manager supports low strength ciphers (less than 56 bit key) and medium strength ciphers (between 56 and 112 bit key), which could downgrade the browser security and allow hackers to access the cipher-text. (BUG 525768)

Fix:

Sentinel Log Manager now supports only strong ciphers.

Database Upgrade Fails When the .pgpass File Contains Multiple Password Entries

Issue:

When the .pgpass file contains multiple username/password entries, the upgrade script concatenates multiple passwords, which results in database authentication failure. (BUG 747761)

Fix:

The upgrade script now considers only the first password entry for authentication.

Sentinel Log Manager Displays the Tomcat Version in the HTTP 404 Error Page

Issue:

When the Sentinel Log Manager Web interface does not load, Sentinel Log Manager displays the HTTP 404 error page. The HTTP 404 error page displays the Web server type and its version, which could make the system vulnerable for footprinting attempts. (BUG 669861)

Fix:

Sentinel Log Manager now toughens footprinting by not displaying the Web server type and its version number in the HTTP 404 error page.

CIFS Data Storage Authentication Fails if the Password Contains "!"

Issue:

If the password to access the CIFS share contains a special character, such as "!", the authentication fails and you cannot configure the CIFS data storage. (BUG 791685)

Fix:

Sentinel Log Manager now handles special characters and allows you to authenticate successfully to the CIFS share.

The Default Send an E-mail Action is Deletable

Issue:

Sentinel Log Manager provides the Remove option that allows you to delete the default Send an E-mail action. If this action is deleted, you cannot send the report results to the configured recipients through email. (BUG 741234)

Fix:

Sentinel Log Manager now disables the Remove option for the default Send an E-mail action.

Return to Top

System Requirements

You can upgrade to Sentinel Log Manager 1.2.1 from Sentinel Log Manager 1.2 or later, or perform a new installation.

Sentinel Log Manager 1.2.1 requires the SLES 11 Service Pack 2 platform. Therefore, you must first ensure that the operating system is upgraded to SLES 11 Service Pack 2 before you install or upgrade to Sentinel Log Manager 1.2.1.

For more information on system requirements, see "System Requirements" in the NetIQ Sentinel Log Manager Installation Guide.

Note: The Sentinel Log Manager Installation Guide is not updated for this release. Therefore, information about the SLES 11 Service Pack 2 operating system requirement is not available in the Sentinel Log Manager Installation Guide.

Return to Top

Installing Sentinel Log Manager 1.2.1

To install Sentinel Log Manager 1.2.1, see the NetIQ Sentinel Log Manager 1.2 Installation Guide.

Installing the Xen Appliance

The Xen image has changed for this release. Therefore, to install the Xen appliance, you need to modify the xenconfig file as follows. These changes are in addition to the configuration changes mentioned in the NetIQ Sentinel Log Manager 1.2 Installation Guide.

  1. Comment the following line:

    vfb=["type=vnc,vncunused=1,vnclisten=0.0.0.0"]

  2. Add the following line:

    extra = "console=hvc0 xencons=tty"

The final xenconfig file must be as follows:

# -*- mode: python; -*-

name=install_file_name

memory=4096

disk=["tap:aio:/var/lib/xen/images/install_directory/install_filename]

vif=[ "bridge=br0" ]

#vfb=["type=vnc,vncunused=1,vnclisten=0.0.0.0"]

extra = "console=hvc0 xencons=tty"

Return to Top

Upgrading to Sentinel Log Manager 1.2.1

To upgrade to Sentinel Log Manager 1.2.1, see "Upgrading Sentinel" in the NetIQ Sentinel Log Manager 1.2 Installation Guide . After performing the upgrade procedure, restart the Sentinel Log Manager server computer to apply updates for SLES 11 Service Pack 2.

Appliance Upgrade

You need to upgrade the appliance by using the zypper patch because the upgrade fails in WebYaST due to the removal of packages and EULA acceptance in the update package.

To upgrade the appliance by using the zypper patch:

  1. Back up your configuration, then create an ESM export. For more information, see "Backing Up and Restoring Data" in the Sentinel Log Manager 1.2 Administration Guide.

  2. Log in to the appliance console as the root user.

  3. Run the following command:

    /usr/bin/zypper patch

  4. Enter 1 to accept the deinstallation of packages.

  5. Enter Y to proceed.

  6. Enter yes to accept the license agreement.

  7. Restart the Sentinel Log Manager appliance.

Return to Top

Known Issues

NetIQ Corporation strives to ensure our products provide quality solutions for your enterprise software needs. The following issues are currently being researched. If you need further assistance with any issue, please contact Technical Support.

For the list of known issues in previous releases, see the Previous Releases section in the Sentinel Log Manager documentation site.

Cannot Install the Xen Appliance

Issue:

The Xen appliance installation fails and displays the Unknown directive gfxmenu warning. (BUG 799650)

Fix:

The Xen image has changed for this release. Therefore, this is an expected behavior. For information on installing the Xen appliance, see "Installing the Xen Appliance".

Return to Top

Contact Information

Our goal is to provide documentation that meets your needs. If you have suggestions for improvements, please email Documentation-Feedback@netiq.com. We value your input and look forward to hearing from you.

For detailed contact information, see the Support Contact Information Web site.

For general corporate and product information, see the NetIQ Corporate Web site.

For interactive conversations with your peers and NetIQ experts, become an active member of Qmunity, our community Web site that offers product forums, product notifications, blogs, and product user groups.

Return to Top

Legal Notice

Return to Top