[. . . ] novdocx (en) 13 May 2009
AUTHORIZED DOCUMENTATION
User Guide
Novell® Sentinel™ Rapid Deployment 6.1
December 2009
www.novell.com
Sentinel 6.1 Rapid Deployment User Guide
Legal Notices
Novell, Inc., makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc., reserves the right to revise this publication and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. Further, Novell, Inc., makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc., reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.
[. . . ]
2 Click Browser.
3 Select one of the following two options:
  Use default browser: Uses the default browser set for that particular machine.
  Use the following commands to launch a browser: Allows you to specify a specific application to launch.
When you are using a browser other than the default browser, your command line must be followed by a %URL%. For example:
C:\Program Files\Internet Explorer\IEXPLORE.EXE %URL%
Default extension: This file extension is assumed if the file type in a configured action is blank.
The following is an example where the output of the Menu Option launches into Internet Explorer*.
4 After you set your configuration, click OK.
10.6 DAS Statistics
This feature is for internal monitoring of your system. DAS Statistics monitors the following:
  DAS_Binary
  DAS_Core
  Unix Communication Server
  Collector_Manager
  Correlation_Engine
  Web Server
Statistics includes the following:
  Service: Name of the service, such as DAS_Core
  Time: Time since the last update
  num: Number of requests processed for this entry
  WaitTime: Average wait time in seconds for a request before its processing starts
  Runtime: Average time to process a request (in seconds)
  #wait: Average size of the wait queue
  #run: Average size of the run queue
The information is divided into three sections:
  Requests
  Services
  ThreadPools
Requests keeps all the requests by channel (such as services.CorrelationService). Sometimes the information provides a breakdown by appending a category under the name, such as Services.CorrelationService or Services.RemoteObjectService.EMap.getMapPK.
For Services, the remote method calls from user-defined services (your XML services) are all under services.RemoteObjectService. Under that it puts the name of the service (such as EMap in the above example) and if asked, the name of the method (getMapPK in the above example).
When a request such as a DAS query is received by a server, a task is created and scheduled. There can be more than one thread pool and a thread pool can service multiple services. For that reason, a request needs to wait for an available thread even if the service is not heavily used. If the statistics indicate that the wait time for a request is long and the number of requests for that service is low, check the information about the thread pools.
For example, requests 15 means that there are 15 requests for all requests method calls. Under that, requests.configurations 1 means that 1 of the 15 are to configurations, requests.esecurity.correlation.config 2 means that 2 of the 15 are to esecurity.correlation.config, and so on.
Figure 10-9 DAS Statistics Window
The number of requests is especially useful, because you can see where requests are going or where they are concentrated. The # waiting information is useful because it shows how busy the server is. If it is large, new requests (even for simple tasks) need to wait for potentially slow ones. The average run time is very important because it shows which requests are actually taking all the time, as opposed to waiting for others.
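The reading of the columns described above, written out as a small triage script. This is an added example, not part of the Novell guide or the product: the column names num, WaitTime, Runtime and #wait come from the statistics window, while the row layout, the sample values and the thresholds are constructed assumptions.

```python
# Constructed sample rows. Only the column names come from the guide;
# the dict layout and every value here are made up for illustration.
SAMPLE = [
    {"name": "requests", "num": 15, "WaitTime": 0.1, "Runtime": 0.3, "#wait": 0.2},
    {"name": "requests.configurations", "num": 1, "WaitTime": 4.0, "Runtime": 0.2, "#wait": 0.1},
    {"name": "requests.esecurity.correlation.config", "num": 2, "WaitTime": 0.1, "Runtime": 6.5, "#wait": 0.3},
    {"name": "services.CorrelationService", "num": 900, "WaitTime": 3.5, "Runtime": 0.4, "#wait": 12.0},
]


def shares(rows, root):
    """Fraction of the root entry's requests that went to each sub-entry."""
    total = next(r["num"] for r in rows if r["name"] == root)
    prefix = root + "."
    return {r["name"][len(prefix):]: r["num"] / total
            for r in rows if r["name"].startswith(prefix)}


def triage(rows, long_wait=2.0, low_num=10, long_run=5.0, big_queue=5.0):
    """Apply the guide's interpretation to each row (thresholds are assumed)."""
    findings = {}
    for r in rows:
        notes = []
        if r["WaitTime"] >= long_wait and r["num"] <= low_num:
            # Long wait on a lightly used entry: its thread pool is shared
            # with other services, so look at the ThreadPools section.
            notes.append("check ThreadPools")
        if r["#wait"] >= big_queue:
            notes.append("server busy: requests queue behind slow ones")
        if r["Runtime"] >= long_run:
            notes.append("request itself is slow")
        if notes:
            findings[r["name"]] = notes
    return findings


if __name__ == "__main__":
    for name, share in shares(SAMPLE, "requests").items():
        print(f"{name}: {share:.0%} of requests")
    for name, notes in triage(SAMPLE).items():
        print(name, "->", "; ".join(notes))
```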
10.7 Mapping
A map is a collection of values and keys defined in a CSV or text file. You can enrich your data by using maps to add additional information to the incoming events from your source device. This additional information can be used for correlation and reporting. You can create your custom maps in addition to the default maps available. You can use event mapping, which allows you to add additional data to an event by using data already present in the event and by referencing and pulling data from an outside source. For more information, see Section 10.8, "Event Configuration," on page 249 and Section 10.8.1, "Event Mapping," on page 249.
[. . . ] Currently <n> Active View(s) Collecting.
B.13.3 Active View No Longer Permanent
DAS_Binary sends this event when it detects a formerly permanent Active View that is no longer permanent. This check happens periodically, so it can be several minutes after an Active View is removed from preferences before this event is generated.
Table B-127 Active View : Active View No Longer Permanent
Tag           Value
Severity      1
Event Name    RtChartNotPermanent
Resource      RealTimeSummaryService
SubResource   ChartManager
Message       Active View with filter <filter> and attribute <attribute> for users with security filter <security filter> is no longer permanent.
B.13.4 Active View Now Permanent
DAS_Binary sends this event when it detects an Active View as newly permanent. This check happens periodically, so it can be several minutes after an Active View is saved to preferences before this event is generated.
Table B-128 Active View : Active View Now Permanent
Tag           Value
Severity      1
Event Name    RtChartIsNowPermanent
Resource      RealTimeSummaryService
SubResource   ChartManager
Message       Active View with filter <filter> and attribute <attribute> for users with security filter <security filter> is now permanent.
B.13.5 Idle Active View Removed
DAS_Binary sends this event when a non-permanent Active View is removed because of inactivity.
Table B-129 Active View : Idle Active View Removed
Tag           Value
Severity      1
Event Name    RtChartInactiveAndRemoved
Resource      RealTimeSummaryService
SubResource   ChartManager
Message       Removed idle Active View with filter <filter> and attribute <attribute> for users with security filter <security filter>. Currently <n> Active View(s) Collecting.
B.13.6 Idle Permanent Active View Removed
DAS_Binary sends this event when a permanent Active View is removed because of inactivity. [. . . ]