[. . . ] novdocx (en) 19 February 2010
AUTHORIZED DOCUMENTATION
Novell Sentinel Log Manager 1.0.0.5
Administration Guide
March 31, 2010
www.novell.com
Sentinel Log Manager 1.0.0.4 Administration Guide
Legal Notices
Novell, Inc., makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc., reserves the right to revise this publication and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. Further, Novell, Inc., makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc., reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.

[. . . ]

5 Searching

Basic event information includes event name, source, time, severity, information about the initiator (represented by an arrow icon), and information about the target (represented by a bull's-eye icon).

This section explains how to search for an event, refine search results, view search results, export search results, save a search query as a report template, and send search results to an action instance.

Section 5.1, "Running an Event Search," on page 75
Section 5.2, "Refining Search Results," on page 78
Section 5.3, "Viewing Search Results," on page 82
Section 5.4, "Exporting Search Results," on page 86
Section 5.5, "Saving a Search Query as a Report Template," on page 88
Section 5.6, "Sending Search Results to an Action," on page 90
5.1 Running an Event Search

Users can run simple or advanced searches.

Section 5.1.1, "Running a Basic Search," on page 75
Section 5.1.2, "Running an Advanced Search," on page 77
Section 5.1.3, "Search Expression History," on page 78

5.1.1 Running a Basic Search
A basic search runs against all of the event fields listed in Table C-1 on page 149. Some examples of values a basic search can look for:

root
127.0.0.1
Lock*
driverset0
NOTE: If time is not synchronized across your server, client, and event sources, you might get unexpected results from your search. Searches for time durations such as Custom, Last 1 hour, and Last 24 hours display results based on the time zone of the machine on which the search is performed.

To run a basic search:

1 Type the search criteria in the Search field and click the Search button in the upper right corner of the page. Sentinel Log Manager is configured to run a default search for non-system events with severity 3 to 5 when a user clicks the Search button for the first time. Otherwise, it reuses the last search term the user entered. For more information about the case-sensitive fields and the tokenized (not case-sensitive) fields, see Appendix C, "Event Fields," on page 149.

2 To use different search criteria, type the search term in the Search field (for example, admin).

To retrieve all the log events from all the sources, select Include System Events to include events that are generated by Sentinel Log Manager system operations, and run the search for sev:[0 TO 5].
3 Select a time period for the search. Most of the time settings are self-explanatory, and the default is Last 30 Days. Custom allows you to select a start date and time and an end date and time for the query. The start date must be earlier than the end date, and the time is based on the machine's local time. Every search covers both online and archived data in the data directory.

4 Click Search. All fields in the index are searched for the specified text. The event summary displays the search results on the search dashboard pane.
5.1.2 Running an Advanced Search

An advanced search can search for a value in a specific event field or fields. The advanced search criteria are based on the short names for each event field and the search logic for the index. For the field names, their descriptions, the short names that are used in advanced searches, and whether the fields are visible in the basic and detailed event views, see Table C-1, "Event Fields," on page 149.

NOTE: To perform a search, click the search tips link to use the tag names defined in the table.

To search for a value in a specific field, use the short name of the field, a colon, and the value.

[. . . ]

If this script is not used, you can still configure the system to route data to the right Collector by manually reconfiguring the event source to send data by using the Web console or the Event Source Management interface.

Enables proper logging of user login events. Without this script, user logins are not logged by the operating system to the syslog stream.

This script is designed to be used in conjunction with the following Collectors:

HP HP-UX (11iv1 and 11iv2)
Sun Microsystems Solaris 10
Novell SUSE Linux Enterprise Server
Red Hat Enterprise Linux

The script is located in the setup directory of the Sentinel Log Manager installation directory.

[. . . ]
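The search syntax described in Section 5.1 (bare terms tried against every indexed field, wildcards such as Lock*, field-scoped short-name:value terms, and the sev:[0 TO 5] range), as an added toy evaluator that is not part of the guide or of the product. The short names other than sev, the sample events, and the case-sensitivity rule for sun are assumptions made for this example.

```python
import fnmatch
import re

# Constructed sample events. 'sev' is the short name shown in the guide; 'sun', 'sip' and
# 'evt' are assumed names chosen for this example, not documented Sentinel fields.
EVENTS = [
    {"sev": 4, "sun": "root", "sip": "127.0.0.1", "evt": "LockUser", "system": False},
    {"sev": 1, "sun": "admin", "sip": "10.0.0.5", "evt": "Login", "system": False},
    {"sev": 3, "sun": "Admin", "sip": "10.0.0.5", "evt": "Lockout", "system": False},
    {"sev": 5, "sun": "sentinel", "sip": "127.0.0.1", "evt": "Heartbeat", "system": True},
]
# Assumption: 'sun' is indexed case-sensitively; the others are tokenized (case-insensitive).
CASE_SENSITIVE = {"sun"}

RANGE = re.compile(r"^\[(\d+) TO (\d+)\]$")          # e.g. [0 TO 5]
TOKEN = re.compile(r"(?:(\w+):)?(\[[^\]]+\]|\S+)")   # optional short-name prefix, then a term

def term_matches(field, value, term):
    """Match one term (literal, wildcard like Lock*, or range like [0 TO 5]) to a field value."""
    m = RANGE.match(term)
    if m:
        return isinstance(value, int) and int(m.group(1)) <= value <= int(m.group(2))
    text = str(value)
    if field not in CASE_SENSITIVE:
        text, term = text.lower(), term.lower()
    return fnmatch.fnmatchcase(text, term)

def event_matches(event, query):
    """Every term must match. 'shortname:term' restricts a term to one field (advanced
    search); a bare term is tried against every indexed field (basic search)."""
    for field, term in TOKEN.findall(query):
        if field:
            if field not in event or not term_matches(field, event[field], term):
                return False
        elif not any(term_matches(f, v, term) for f, v in event.items() if f != "system"):
            return False
    return True

def search(query, include_system_events=False, events=EVENTS):
    """Return matching events, excluding system-generated ones unless asked to include them."""
    return [e for e in events
            if (include_system_events or not e["system"]) and event_matches(e, query)]

if __name__ == "__main__":
    for q in ("sev:[3 TO 5]", "Lock*", "root", "127.0.0.1 Lock*", "sun:Admin"):
        print(q, "->", [e["evt"] for e in search(q)])
```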