Sentinel 6.1 RD Searching with Lucene

  • 7006098
  • 25-May-2010
  • 26-Apr-2012

Environment


Novell Sentinel RD Sentinel Server

Sentinel 6.1 Rapid Deployment
Sentinel 6.1 Rapid Deployment Service Pack 1
SentinelRD 6.1.1.0

Situation

Lucene searching has been removed from Sentinel 6.1 Rapid Deployment in Sentinel Rapid Deployment Service Pack 1 (SentinelRD 6.1.1.0).

Resolution

The Search Option in the Web User Interface is Disabled

To enhance the stability of Sentinel 6.1 Rapid Deployment, searching for events from the Web user interface has been disabled. The preferred search methods are the Historical Query and the Offline Query in the Sentinel Control Center.

The following procedure re-enables the Search option in the Web user interface. Under load, however, enabling this option might lead to das_binary crashes and even event loss. To enable the Search option:

   1.  Stop the Sentinel services:

      $APP_HOME/bin/sentinel.sh stop

   2.  Open the das_binary.xml file for editing:

      $APP_HOME/config/das_binary.xml

   3.  Uncomment the EventSearchComponent section by removing the <!-- and --> markers that surround it:

      <!--
      <obj-component id="EventSearchComponent">
        <class>esecurity.ccs.comp.textsearch.EventSearchComponent</class>
        <property name="eventsearcher.sortableBatchSize">100000</property>
        <obj-component-ref>
          <name>EventProducer</name>
          <ref-id>EventStoreService</ref-id>
        </obj-component-ref>
      </obj-component>
      -->

   4.  Restart the Sentinel services:

      $APP_HOME/bin/sentinel.sh restart

The Search option is now enabled and you can search for events from the Web user interface.
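
The script below is an added example, not part of the original article or of Sentinel. It reports whether EventSearchComponent is commented out in a das_binary.xml file and performs the step 3 edit with a backup. It assumes the <!-- and --> markers sit on their own lines as in the listing above; the function names and the .bak suffix are choices made for this example.

```shell
#!/bin/sh
# Added example, not Novell code. Assumes the comment delimiters sit on their
# own lines, as in the listing in step 3. Run between step 1 (stop) and step 4.

# Print enabled, disabled or absent for EventSearchComponent in file $1.
search_component_state() {
    awk '
        /<!--/ { in_comment = 1 }
        /id="EventSearchComponent"/ { state = in_comment ? "disabled" : "enabled" }
        /-->/ { in_comment = 0 }
        END { print (state == "" ? "absent" : state) }
    ' "$1"
}

# Remove only the comment delimiters that wrap EventSearchComponent.
# Keeps the original as <file>.bak and does nothing unless state is disabled.
enable_search_component() {
    cfg=$1
    [ "$(search_component_state "$cfg")" = "disabled" ] || return 0
    cp -p "$cfg" "$cfg.bak" || return 1
    awk '
        have_held {
            have_held = 0
            if ($0 ~ /id="EventSearchComponent"/) { strip_close = 1 }  # drop opener
            else { print held }
        }
        /^[ \t]*<!--[ \t]*$/ { held = $0; have_held = 1; next }
        strip_close && /^[ \t]*-->[ \t]*$/ { strip_close = 0; next }
        { print }
        END { if (have_held) print held }
    ' "$cfg.bak" > "$cfg" || { cp -p "$cfg.bak" "$cfg"; return 1; }
    [ "$(search_component_state "$cfg")" = "enabled" ]
}

# Demo on a constructed sample (not a real das_binary.xml).
demo() {
    f=$(mktemp) || return 1
    printf '%s\n' '<config>' '  <!-- unrelated note -->' '  <!--' \
        '  <obj-component id="EventSearchComponent">' \
        '  </obj-component>' '  -->' '</config>' > "$f"
    echo "before: $(search_component_state "$f")"
    enable_search_component "$f" && echo "after: $(search_component_state "$f")"
    rm -f "$f" "$f.bak"
}

# With a file path argument, report its state; otherwise run the demo.
if [ -f "${1:-}" ]; then search_component_state "$1"; else demo; fi
```

Given the das_binary crash and event-loss risk noted above, search_component_state is also a quick way to audit which servers have the Search option turned on. To restore the shipped behaviour, put the .bak copy back and restart the services.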