Environment
Novell Sentinel 6.1
Multiple DAS Binary services
Multiple DAS Binary services
Situation
More than one das_binary is being used and summary data is being lost.
DAS Aggregation can only pickup files from one location, which causes loss of summary data with a multiple das_binary setup.
Not all data is displayed in Summary Reports when using multiple das_binary processes.
DAS Aggregation can only pickup files from one location, which causes loss of summary data with a multiple das_binary setup.
Not all data is displayed in Summary Reports when using multiple das_binary processes.
Resolution
DAS Aggregation can only have one service unlike DAS Binary. Therefore, each das_binary service must write its summary data to the same directory as the "primary" das_binary.
To accomplish this, the das_binary.xml for all das_binary services must point to the same directory as the single das_aggregation.
In order for das_aggreation to pick up event files from secondary das_binary, the secondary das_binary should be configured to dump the event file to the same directory where das_aggregation is configured to pick up the file.
For example, in Sentinel 6.1, make sure the outputDirectory specified in secondary das_binary is the same directory that is specified in das_aggregation.
In das_binary.xml:
<obj-component id="EventFileRedirectService">
<class>esecurity.ccs.comp.event.redirect.EventFileRedirectService</class>
<property name="status">on</property>
<property name="handler">esecurity.event.fileredirect</property>
<property name="directory">../data/events/aggregation</property>
<property name="outputDirectory">../data/events/aggregation/done</property>
<property name="filePrefix">events</property>
<property name="fileSuffix">dat</property>
<property name="maxFileSize">500000000</property>
<property name="maxFileTime">1800</property>
<property name="notificationChannel">event_file_redirect</property>
<obj-component-ref>
<name>Publisher</name>
<ref-id>DispatchManager</ref-id>
</obj-component-ref>
</obj-component>
In das_aggregation.xml
<obj-component id="EventAggregationService">
<class>esecurity.ccs.comp.event.transformer.EventAggregationService</class>
<property name="directory">../data/events/aggregation/done</property>
<property name="reporterChannel">event_aggregation_status</property>
<property name="updateBatchSize">200</property>
<property name="updateDB">enabled</property>
<property name="nullHashValid">false</property>
<property name="maxNumberEntries">30000</property>
<property name="maxEntrySize">50</property>
<property name="startOffsetInDays">7</property>
<property name="deleteProcessedFiles">true</property>
<obj-component-ref>
<name>Publisher</name>
<ref-id>DispatchManager</ref-id>
</obj-component-ref>
</obj-component>
To accomplish this, the das_binary.xml for all das_binary services must point to the same directory as the single das_aggregation.
In order for das_aggreation to pick up event files from secondary das_binary, the secondary das_binary should be configured to dump the event file to the same directory where das_aggregation is configured to pick up the file.
For example, in Sentinel 6.1, make sure the outputDirectory specified in secondary das_binary is the same directory that is specified in das_aggregation.
In das_binary.xml:
<obj-component id="EventFileRedirectService">
<class>esecurity.ccs.comp.event.redirect.EventFileRedirectService</class>
<property name="status">on</property>
<property name="handler">esecurity.event.fileredirect</property>
<property name="directory">../data/events/aggregation</property>
<property name="outputDirectory">../data/events/aggregation/done</property>
<property name="filePrefix">events</property>
<property name="fileSuffix">dat</property>
<property name="maxFileSize">500000000</property>
<property name="maxFileTime">1800</property>
<property name="notificationChannel">event_file_redirect</property>
<obj-component-ref>
<name>Publisher</name>
<ref-id>DispatchManager</ref-id>
</obj-component-ref>
</obj-component>
In das_aggregation.xml
<obj-component id="EventAggregationService">
<class>esecurity.ccs.comp.event.transformer.EventAggregationService</class>
<property name="directory">../data/events/aggregation/done</property>
<property name="reporterChannel">event_aggregation_status</property>
<property name="updateBatchSize">200</property>
<property name="updateDB">enabled</property>
<property name="nullHashValid">false</property>
<property name="maxNumberEntries">30000</property>
<property name="maxEntrySize">50</property>
<property name="startOffsetInDays">7</property>
<property name="deleteProcessedFiles">true</property>
<obj-component-ref>
<name>Publisher</name>
<ref-id>DispatchManager</ref-id>
</obj-component-ref>
</obj-component>