Sentinel 6.1.0.20 Hotfix 01

This document (5038380) is provided subject to the disclaimer at the end of this document.

patches this patch supersedes

This patch does not supersede any other patches.

patches that supersede this patch

Product	Status	Next Superceded By	Last Superceded By
Novell Sentinel 6.1	Obsolete	Sentinel 6.1.0.0 Service Pack 1	Sentinel 6.1.0.0 Service Pack 1

patch attributes

Security patch: No

Priority: Recommended

Distribution Type: Public

http://download.novell.com/Download?buildid=sbZ4xWON50c~

document

Revision: 7

Document ID: 5038380

Creation Date: 2008-12-24 12:27:29

Modified Date: 2009-05-22 11:48:49

abstract

Novell Sentinel 6.1 Hotfix 1 This Hotfix can only be run against an existing installation of Sentinel 6.1

details

Overview:

New Features
The following features are added in Sentinel 6.1 Hotfix 1.
- AUDIT_RECORD Table Partitioning - The AUDIT_RECORD table is configured for partitioning and archiving for better table management.
- Customizing Data and Time Format in Sentinel Control Center - This feature gives the ability to customize the date/time format that is displayed in event tables in SCC. These event tables are the ones seen in Active Views, Historical Event Query, Offline Query, etc. By default, the date/time format will be based on the locale of the machine running SCC; however, the user can override this default by adding a property to the SentinelPreferences.properties file found in $ESEC_HOME/config.

Prerequisites

This Hotfix should be applied to Sentinel 6.1. There is a different patch that should be used for versions of Sentinel 6.0.

Back Up Sentinel Database:

It is highly recommended that you make a complete backup of the entire Sentinel database and the machine on which you are installing the patch. If this is not possible, then you should at least back up Sentinel database and the contents of the ESEC_HOME directory. This helps to protect your system against unexpected installation errors.

This patch should be applied to all Sentinel components, including Sentinel Control Center machines. Because the Hotfix installer is not localized, all the messages are shown in English. However, localization testing has been done to ensure that all localization features in 6.1 are preserved.

Back Up AUDIT_RECORD Table

AUDIT_RECORD is a table in the Sentinel database that contains internal audit events of the Sentinel system. In previous releases (Sentinel 6.0 SP2 Hotfix 5), the PatchDB script failed when the AUDIT_RECORD table was large. There are two workarounds to this issue when upgrading to Sentinel 6.1. In either scenario, you should back up the Sentinel database before making any changes.

1. Back up the Sentinel database before patching.
2. If the AUDIT_RECORD data is not important, truncate the AUDIT_RECORD table.

TRUNCATE TABLE AUDIT_RECORD

If the AUDIT_RECORD data is important and needs to be preserved, add more space to the temporary space. The amount of space to be added depends on the data; consult your DBA for adequate settings.

Document Customized Event Field Names

The patch overwrites all the tag names customized by the user before installation with Sentinel tag names. You should keep track of all the customized tags prior to the installation. Some terminology changes for event fields are in effect after the patch installation. Please read the complete Release Notes contained in this hotfix for complete details.

System Requirements:

Sentinel 6.1

Installation:

This Hotfix should be applied to all machines on which Sentinel components are installed, including Sentinel Control Center machines.

The instructions provided in this document are for installing this Hotfix only. This Hotfix can only be run against an existing installation of Sentinel 6.1.

NEW FEATURE:
This Hotfix comes with an automated installer that backs up the existing software components that will be replaced. The backup files are placed in a directory named "SP'id'_'date'_bak" under the ESEC_HOME directory, where 'id' is the identifier of the Hotfix and 'date' is the date of the Hotfix (for example, "SP6.1.0.20_SP0_HOTFIX1_2008-10-01-GMT_bak").

NOTE: It is highly recommended that a complete backup should be made of the machine on which you are installing the Hotfix. If this is not possible, then at a minimum a backup of the contents of the ESEC_HOME directory should be made. This will help to protect your system against unexpected installation errors.

Follow these instructions to install the Hotfix for software and database:
1. Login as an Administrator (Windows) or as root (*NIX).
2. Verify that the environment variables for Sentinel are set by running one of the following commands:

- On Linux/Solaris, echo $ESEC_HOME
- On Windows, echo %ESEC_HOME%

3. Extract the Hotfix zip file.
4. Close all Sentinel applications running on this machine, including:

- Sentinel Control Center
- Sentinel Collector Builder
- Sentinel Data Manager

5. Shut down Sentinel service running on this machine:

On Windows, use Windows Service Manager to stop the "Sentinel" services.
On *NIX, run $ESEC_HOME/bin/sentinel.sh stop

6. On the command line, return to the extracted Hotfix top level directory and run the service_pack script to start the Hotfix installer:

On Windows:
.\service_pack.bat
On *NIX:
./service_pack.sh

NOTE: If you are applying the Hotfix for the Sentinel applications running on Vista then skip to Installation with Windows Vista.

7. Press the key when prompted, to start the Hotfix installation procedure.
8. After the installation completes, log out and log back in to apply environmental variable changes.
9. Repeat the steps above on every machine with Sentinel software installed. This is required for all machines with any Sentinel software, including Sentinel server and client software.
10. Restart the Sentinel services on all machines:

On Windows, use Windows Service Manager to start the "Sentinel" services.
On *NIX, run $ESEC_HOME/bin/sentinel.sh start

11. This Hotfix also contains a mandatory patch to the Sentinel Database.
Apply the database patch by performing the appropriate steps below for the database platform you are using.

Installation with Windows Vista

To install patch on Windows Vista

1. Log in as any user (you do not need to be Administrator or a user with administrator privileges)
2. Go to Start > All Programs > Accessories right click on Command Prompt and select Run as administrator. If User Access Control is enabled, and you are logged in as a user with administrator privileges, a User Access Control window will appear asking "Windows needs your permission to continue". Click Continue. If you are logged in as a user without administrator privileges, you will be prompted to authenticate as an administrative user.

NOTE: If User Access Control is disabled, the system does not prompt for the administrator credentials. If you are logged in as a user without administrative privileges, you must log out, and login in as a user with administrator privileges. You must be logged in as a user with administrative privileges to install Hotfix 1.

3. Go to the location where install folder is located.
4. Run service_pack.bat.

Database Patch Installation on Oracle

The following steps must be performed on the machine with an Oracle Sentinel Database installed to prepare the database for 6.1 Hotfix1. The Sentinel Database patches for Oracle includes the patch script (PatchDb.sh). Although it is easiest to run the script directly on the database server machine, local policies can prohibit this (for example, if you cannot install Java on the database server). Therefore, this script can be run remotely from any machine that has Java version 1.5 and the Oracle client tools installed.

Main Patch Scripts for Oracle

There are several prerequisites to running the main patch script for Oracle:
- The patch must be copied to a machine that is running a *NIX operating system supported for Sentinel
- User has the Oracle client application sqlplus in its PATH
- User has the environment variable ORACLE_HOME set to the directory where the Oracle software is installed.
- User has the Java 1.5 executable java in its PATH

TIP: If you cannot run the main patch script directly on the database server, any other machine with Sentinel 6.0 or above already has the necessary version of Java installed. Therefore, the patch installer can be run from another Sentinel 6.0 machine. However, the $ESEC_HOME/jre directory does not allow the oracle user access by default. Therefore, you can add the oracle user to the esec group (for example, groupmod -A oracle esec), temporarily modify the permissions on the directory (for example, chown -R oracle $ESEC_HOME/jre), or install a second instance of Java. If using a non-Sentinel machine, the Java version and PATH variable settings can be verified by running the following command from a command line:

java -version

If necessary, the PATH environment variable can be updated to include the java installation directory, for example:

export PATH=/opt/novell/sentinel6/jre/bin:$PATH

If Java is not installed on the non-Sentinel machine, the correct Java version [Java Runtime Environment (JRE) 5.0] can be downloaded from the following URL:

http://java.sun.com/javase/downloads/index_jdk5.jsp

To run the main patch script for Oracle:
1. Log in to the database server or another machine as a user that meets the installation prerequisites for this script.
2. Verify that your machine meets the Java prerequisites for running this script.
3. Extract the Hotfix zip file.
4. On the command line, go into the Hotfix top level directory that was just extracted.
5. Change directories to the following directory under extracted Hotfix top level directory.

db_patch/bin

6. Enter the following command.

./PatchDb.sh

7. Follow the prompts and enter the following information:
- Hostname or static IP address of the Oracle Sentinel Database that you want to patch.
- Port number of the Oracle Sentinel Database that you want to patch.
- Database net service name.
- Database service name of the Oracle Sentinel Database that you want to patch.
- Esecdba user password.

After you press Enter the final time, the script will verify the entered information and begin the database patch.

8. After the script is done applying the patch, check for any errors. If there are no errors, you are done with the Sentinel Database patch. If there are errors, resolve the errors and re-run the PatchDb utility.

Database Patch Installation on SQL Server

The following steps must be performed on the machine with a Microsoft SQL Server database to prepare the database for 6.1 Hotfix1. There is one main patch script for SQL Server (PatchDb.bat).

Main Patch Scripts for SQL Server

There are several prerequisites to running the pre-patch script for SQL Server:
- The patch must be copied to the machine that is running the Sentinel database.
- The patch must be run using the Sentinel Database User credentials, esecdba if using SQL Authentication

To run the database patch script for database on MSSQL with Windows Authentication:

1. Log into the database machine as the Windows Domain user that is the Sentinel Database User.
2. Shut down the Sentinel Server processes (if this has not already been done).
3. Extract the Hotfix ZIP file (if this has not already been done).
4. Open a command prompt.
5. Change directories to the following directory under the extracted Hotfix directory:

db_patch\bin

6. Enter the command:

.\PatchDb.bat

7. Follow the prompts and enter the following information:

- Hostname or static IP address of the SQL Server Sentinel Database machine
- SQL Server Database instance name, if any
- Port number of the SQL Server database
- Name of the SQL Server database to patch (ESEC by default).
- 1 for the Windows Authentication option

After you press Enter the final time, the script will verify the entered information and proceed if authentication is successful.

8. After the script is done applying the patch, check for any errors. If there are errors, resolve the errors and re-run the PatchDb utility.
9. After the patch runs with no errors, Sentinel services can be started.

To run the database patch script for database on MSSQL with SQL Authentication:

1. Log into the database machine as the Windows Domain user that is the Sentinel Database User.
2. Shut down the Sentinel Server processes (if this has not already been done).
3. Extract the Hotfix ZIP file (if this has not already been done).
4. Open a command prompt.
5. Change directories to the following directory under the extracted Hotfix directory:

db_patch\bin

6. Enter the command:

.\PatchDb.bat

7. Follow the prompts and enter the following information:

- Hostname or static IP address of the SQL Server Sentinel Database machine
- SQL Server Database instance name, if any
- Port number of the SQL Server database
- Name of the SQL Server database to patch (ESEC by default).
- 2 for the SQL Authentication option
- Esecdba users password

After you press Enter the final time, the script will verify the entered information and proceed if authentication is successful.

8. After the script is done applying the patch, check for any errors. If there are errors, resolve the errors and re-run the PatchDb utility.
9. After the patch runs with no errors, Sentinel services can be started.

Defects Fixed in this Release:

SEN-8471 - Moving through raw data tap events with keyboard does not update details in lower half of window. Fixed. Raw data tap now updates correctly.

SEN-8467 - Sentinel Data Manager login screen hangs up throwing exception if any table space (used,free,total) exceeds 2,147,483,647 MB. Fixed. SDM login works properly.

SEN-8032 - Sentinel Data Manager does not work with [enter] key to login. Fixed. SDM now work with [enter] key to login.

SEN-8113 - Selecting checkboxes in Dynamic List inconsistent. Fixed. Selecting checkboxes in Dynamic List now are consistent.

SEN-8080 - Sentinel Data Manager "History Status" window is limited in size. Fixed. Provided text area with scrollbar so that lengthy messages can be displayed.

SEN-7947 - Moving through raw data tap events with keyboard does not update details in lower half of window. Fixed. Details are updated properly.

SEN-7156 - Offline Query doesnt stop its execution when the "Stop" link is clicked. Fixed. Offline Query now stops properly.

SEN-8501 - Correlation Engine errors when running JavaScript. Fixed. Correlation Engine work properly.

SEN-8463 - Cannot debug JS correlation actions that create incidents. Fixed. Debugging JS correlation actions work properly.

SEN-8440 - Linux environment variables should not be set directly in /etc/profile. Fixed. Linux environment variables are moved to /etc/profile.d/

SEN-8210 - SDM does not ever finish loading when it encounters an error from the database. Fixed. SDM finishes loading properly.

SEN-8039 - PatchDB fails on non-English install. Fixed. PatchDB now installs on non-English system properly.

SEN-7062 - Customer would like to customize the way date/time is formatted in event tables. Fixed. Please follow the following manual steps to take advantage of this feature. To customize date and time format in event time stamp fields in the Sentinel Control Center and related exports to .csv or .html files, modify %ESEC_HOME%\config\SentinelPreferences.properties on Windows, $ESEC_HOME/config/SentinelPreferences.properties on Solaris and Linux to the format you desire.

Uncomment the following line in the file:.
#com.eSecurity.Sentinel.event.datetimeformat=yyyy-MM-dd'T'HH:mm:ss.SSSZ

The date and time format can be modified using the formatting information on the following web page:

http://java.sun.com/j2se/1.5.0/docs/api/java/text/SimpleDateFormat.html

By default, the Sentinel Control Center will use a pattern appropriate for the locale for which it is configured. This property gives the user the ability to override this default.

DAT-366 - Inability to manage SENT_AUDITD tablespace probably causing Sentinel to lock up. This is fixed by partitioning and archiving data in the SENT_AUDITD tablespace.

Known Issues in this Release:

DAT-375 - PatchDB fails when Audit Record table is large. When AUDIT_RECORD table is large, there might not be enough of temporary table space available to constraints in order to support AUDIT_TABLE partition management.

file contents

Files Included	Size	Date
2008-12-24_SENTINEL_6.1.0.20_HOTFIX_01.zip	49.7 MB (52154562)	2008-12-24 10:14:01
readme_5038380.html	N/A	2009-05-22 11:48:50

disclaimer

The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information. Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.

Novell is a registered trademark of Novell, Inc. in the United States and other countries. SUSE is a registered trademark of SUSE Linux AG, a Novell business. *All third-party trademarks are the property of their respective owners.