Detailed instructions for use are in the User's Guide.
[. . . ] novdocx (en) 13 May 2009
AUTHORIZED DOCUMENTATION
User Guide
Novell®
6. 1
December 2009
SentinelTM Rapid Deployment
www. novell. com
Sentinel 6. 1 Rapid Deployment User Guide
novdocx (en) 13 May 2009
Legal Notices
Novell, Inc. , makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. , reserves the right to revise this publication and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. Further, Novell, Inc. , makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. , reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes. [. . . ] By default, the Action and Default Action are set to None. Global Filters execute only JavaScript actions. Actions that are associated with global filters cannot be deleted from the Action Manager.
10 Continue adding filters until you have completed adding all the required filters. 11 Click Save.
226 Sentinel 6. 1 Rapid Deployment User Guide
novdocx (en) 13 May 2009
Rearranging Global Filters 1 In the Global Configuration window, select a filter and click Up or Down to move it to a different location on the list. Deleting a Global Filter NOTE: When you delete a global filter, the confirmation message is not displayed. 1 In the Global Configuration window, select a filter from the list and click Delete. 2 Click Save.
10. 4. 4 Configuring Public and Private Filters
Configuring public and private filters allow you to: "Adding a Filter" on page 227 "Cloning a Public or Private Filter" on page 229 "Modifying a Public or Private Filter" on page 229 "Viewing the Details of a Public or Private Filter" on page 229 "Deleting a Public or Private Filter" on page 229
Figure 10-5 Filter Manager Window
Adding a Filter To add a public or private filter: 1 Click Admin > Filter Manager or select File Manager under the Filter Configuration folder in the Navigator; then click Add. You can select PUBLIC or PRIVATE (user owned).
Administration 227
novdocx (en) 13 May 2009
3 Specify a filter name. The table editor is the default selection for editing the contents. Optionally, you can click Use free form editor to display a free form editor. The free form editor allows you to create complex expressions not possible with the table editor. However, after the expression is modified with the free form editor, the table editor cannot be used with the expression. 4 Select the criteria for the following columns: Property Operator Value columns. Your choices displays in the Expression string box. 5 In the Match if box, click one of the following: All conditions are met (and) One or more conditions are met (or) 6 To create another filter expression, click Create a New Filter Expression (+) to add another row to the filter expression table. 7 To remove a filter expression, select a filter expression from the table and click Remove the Selected Expression (-). 8 Click Save.
228 Sentinel 6. 1 Rapid Deployment User Guide
novdocx (en) 13 May 2009
Cloning a Public or Private Filter Cloning is a convenient way to duplicate a filter to assure consistency of criteria among a group of filters or users. 4 Change any original filter's criteria. Modifying a Public or Private Filter 1 Open the Filter Manager window. 3 Change any of the criteria as desired. You cannot change the Owner ID and the Filter Name. Viewing the Details of a Public or Private Filter 1 Open the Filter Manager window. [. . . ] Permanent Active Views are saved in user preferences, and they time out after several days of inactivity by default.
System Events for Sentinel 461
novdocx (en) 13 May 2009
Table B-130 Active View : Idle Permanent Active View Removed
Tag
Value
Severity Event Name Resource SubResource Message
1 RtPermanentChartRemoved RealTimeSummaryService ChartManager Removed idle permanent Active View with filter <filter> and attribute <attribute> for users with security filter <security filter>. Currently <n> Active View(s) Collecting.
B. 14 Data Objects
Section B. 14. 1, "Activity Definition, " on page 462 Section B. 14. 2, "Configuration, " on page 462 Section B. 14. 3, "Viewing Configuration Store, " on page 463 Section B. 14. 4, "Write Data, " on page 463
B. 14. 1 Activity Definition
Table B-131 Data Objects : Activity Definition
Tag
Value
Severity Event Name Resource SubResource Message ActivityDefinition Activaty Name: <name> Description: <description> New/Update/Remove
B. 14. 2 Configuration
Table B-132 Data Objects : Configuration
Tag
Value
Severity Event Name Resource New/Update/Remove Core
462 Sentinel 6. 1 Rapid Deployment User Guide
novdocx (en) 13 May 2009
Tag
Value
SubResource
FilterConfig, GlobalFilterConfig, MenuConfig, OptionsConfig, IncidentActionConfig, AnalyzeDefaultConfig, AnalyzeReportConfig, AdvisorDefaultConfig and AdvisorReportConfig Updating Config Object: <name> by User: _SYSTEM
Message
B. 14. 3 Viewing Configuration Store
Table B-133 Data Objects : Viewing Configuration Store
Tag
Value
Severity Event Name Resource SubResource Message ViewConfigurationStore name <name> type <type> description <description> New/Update/Remove
B. 14. 4 Write Data
Table B-134 Data Objects : Write Data
Tag
Value
Severity Event Name Resource SubResource Message WriteData ListService ListUpdater Could not write data for list
B. 15 Activities
Section B. 15. 1, "Creating an Activity, " on page 464 Section B. 15. 2, "Deleting an Activity, " on page 464 Section B. 15. 3, "Saving an Activity, " on page 464
System Events for Sentinel 463
novdocx (en) 13 May 2009
B. 15. 1 Creating an Activity
Table B-135 Activities : Creating an Activity
Tag
Value
Severity Event Name Resource SubResource Message ActivityNamespace Creating iTRAC Activity <name> createActivity
B. 15. 2 Deleting an Activity
Table B-136 Activities : Deleting an Activity
Tag
Value
Severity Event Name Resource SubResource Message ActivityNamespace Deleting iTRAC Activity <name> deleteActivity
B. 15. 3 Saving an Activity
Table B-137 Activities : Saving an Activity
Tag
Value
Severity Event Name Resource SubResource Message ActivityNamespace Saving changes for iTRAC Activity <name> saveActivity
B. 16 Incidents and Workflows
Section B. 16. 1, "Add Events to Incident, " on page 465 Section B. 16. 2, "Adding Process Definition, " on page 465 Section B. 16. 3, "Create Incident, " on page 466
464 Sentinel 6. 1 Rapid Deployment User Guide
novdocx (en) 13 May 2009
Section B. 16. 4, "Creating Group, " on page 466 Section B. 16. 5, "Creating User, " on page 466 Section B. 16. 6, "Delete Incident, " on page 467 Section B. 16. 7, "Deleting Group, " on page 467 Section B. 16. 8, "Deleting Process Definition, " on page 467 Section B. 16. 9, "Deleting User, " on page 468 Section B. 16. 10, "E-Mail Incident, " on page 468 Section B. 16. 11, "Get Incident, " on page 468 Section B. 16. 12, "Save Incident, " on page 469 Section B. 16. 13, "Saving Group, " on page 469 Section B. 16. 14, "Saving Process Definition, " on page 469 Section B. 16. 15, "Send Incident to Hp Service Desk, " on page 470 Section B. 16. 16, "Send Incident to HpOVO, " on page 470 Section B. 16. 17, "Viewing Process Definition, " on page 470
B. 16. 1 Add Events to Incident
Table B-138 Incidents and Workflow : Add Events to Incident
Tag
Value
Severity Event Name Resource SubResource Message addEventsToIncident IncidentService IncidentService User: <name> adding <number> events to incident with ID: <ID>
B. 16. 2 Adding Process Definition
Table B-139 Incidents and Workflow : Adding Process Definition
Tag
Value
Severity Event Name Resource SubResource Message addProcessDefinition WorkflowServices WorkflowObjectMgrService reading iTRAC Template <name>
System Events for Sentinel 465
novdocx (en) 13 May 2009
B. 16. 3 Create Incident
Table B-140 Incidents and Workflow : Create Incident
Tag
Value
Severity Event Name Resource SubResource Message createIncident IncidentService IncidentService User: <name> created incident with name: <incidentName>, state: <state>, severity: <severity>, resolution: <resolution>
B. 16. 4 Creating Group
Table B-141 Incidents and Workflow : Creating Group
Tag
Value
Severity Event Name Resource SubResource Message createGroup WorkflowServices WorkflowObjectMgrService Creating iTRAC Role {0} : description : <description>
B. 16. 5 Creating User
Table B-142 Incidents and Workflow : Creating User
Tag
Value
Severity Event Name Resource SubResource Message createUser WorkflowServices WorkflowObjectMgrService Creating User in WorkFlow: {0} with firstname: <firstName> lastname : <lastName>
466 Sentinel 6. 1 Rapid Deployment User Guide
novdocx (en) 13 May 2009
B. 16. 6 Delete Incident
Table B-143 Incidents and Workflow : Delete Incident
Tag
Value
Severity Event Name Resource SubResource Message deleteIncident IncidentService IncidentService Delete incident with ID: <ID>
B. 16. 7 Deleting Group
Table B-144 Incidents and Workflow : Deleting Group
Tag
Value
Severity Event Name Resource SubResource Message deleteGroup WorkflowServices WorkflowObjectMgrService Deleting iTRAC Role {0} : description : <description>
B. 16. 8 Deleting Process Definition
Table B-145 Incidents and Workflow : Deleting Process Definition
Tag
Value
Severity Event Name Resource SubResource Message deleteProcessDefinition WorkflowServices WorkflowObjectMgrService Deleting iTRAC Template <ID>
System Events for Sentinel 467
novdocx (en) 13 May 2009
B. 16. 9 Deleting User
Table B-146 Incidents and Workflow : Deleting User
Tag
Value
Severity Event Name Resource SubResource Message deleteUser WorkflowServices WorkflowObjectMgrService Deleting User in WorkFlow: {0} with firstname: <firstName> lastname : <lastName>
B. 16. 10 E-Mail Incident
Table B-147 Incidents and Workflow : E-mail Incident
Tag
Value
Severity Event Name Resource SubResource Message emailIncident IncidentService IncidentService User: <name> emailed incident with name: <incidentName>, state: <state>, severity: <severity>{2}, resolution: <resolution> to email address: <e-mailID>
B. 16. 11 Get Incident
Table B-148 Incidents and Workflow : Get Incident
Tag
Value
Severity Event Name Resource SubResource Message getIncident IncidentService IncidentService Get incident with ID: <ID>
468 Sentinel 6. 1 Rapid Deployment User Guide
novdocx (en) 13 May 2009
B. 16. 12 Save Incident
Table B-149 Incidents and Workflow : Save Incident
Tag
Value
Severity Event Name Resource SubResource Message saveIncident IncidentService IncidentService Save incident with name: <name>, state: <state>, severity: <severity>, resolution: <resolution>
B. 16. 13 Saving Group
Table B-150 Incidents and Workflow : Saving Group
Tag
Value
Severity Event Name Resource SubResource Message saveGroup WorkflowServices WorkflowObjectMgrService Saving iTRAC Role {0} : description : <description>
B. 16. 14 Saving Process Definition
Table B-151 Incidents and Workflow : Saving Process Definition
Tag
Value
Severity Event Name Resource SubResource Message saveProcessDefinition WorkflowServices WorkflowObjectMgrService Saving iTRAC Template <name>
System Events for Sentinel 469
novdocx (en) 13 May 2009
B. 16. 15 Send Incident to Hp Service Desk
Table B-152 Incidents and Workflow : Send Incident To Hp Service Desk
Tag
Value
Severity Event Name Resource SubResource Message sendIncidentToHpServiceDesk IncidentService IncidentService User: <name> sent incident with name: <incidentName>, state: <state>, severity: <severity>, resolution: <resolution> to HP Service Desk
B. 16. 16 Send Incident to HpOVO
Table B-153 Incidents and Workflow : Send Incident To HpOVO
Tag
Value
Severity Event Name Resource SubResource Message sendIncidentToHpOVO IncidentService IncidentService User: <name> sent incident with name: <incidentName>, state: <state>, severity: <severity>, resolution: <resolution> to HP Open View
B. 16. 17 Viewing Process Definition
Table B-154 Incidents and Workflow : Viewing Process Definition
Tag
Value
Severity Event Name Resource SubResource Message getProcessDefinition WorkflowServices WorkflowObjectMgrService Viewing iTRAC Template <ID>
B. 17 General
Section B. 17. 1, "Configuration Service, " on page 471
470 Sentinel 6. 1 Rapid Deployment User Guide
novdocx (en) 13 May 2009
Section B. 17. 2, "Controlled Process is started, " on page 471 Section B. 17. 3, "Controlled Process Is Stopped, " on page 472 Section B. 17. 4, "Importing Auxiliary, " on page 472 Section B. 17. 5, "Importing Plug-In, " on page 472 Section B. 17. 6, "Load Esec Taxonomy to XML, " on page 473 Section B. 17. 7, "Process Auto Restart Error, " on page 473 Section B. 17. 8, "Process Restarts, " on page 473 Section B. 17. 9, "Proxy Client Registration Service (medium), " on page 474 Section B. 17. 10, "Restarting Process, " on page 474 Section B. 17. 11, "Restarting Processes, " on page 474 Section B. 17. 12, "Starting Process, " on page 475 Section B. 17. 13, "Starting Processes, " on page 475 Section B. 17. 14, "Stopping Process, " on page 475 Section B. 17. 15, "Stopping Processes, " on page 476 Section B. 17. 16, "Store Esec Taxonomy From XML, " on page 476 Section B. 17. 17, "Watchdog Process is started, " on page 476 Section B. 17. 18, "Watchdog Process Is stopped, " on page 477
B. 17. 1 Configuration Service
Table B-155 General : Configuration Service
Tag
Value
Severity Event Name Resource SubResource Message ConfigService Saving configuration, unit {0} app {1} userId {2} saveConfig
B. 17. 2 Controlled Process is started
Watchdog is run as a service. Its main purpose is to keep Sentinel processes running. If a process dies, Watchdog automatically restarts that process. [. . . ]