How to recreate the Security Intelligence Database of Sentinel

  • 7014786
  • 24-Mar-2014
  • 24-Mar-2014


Sentinel 7


After creating several dashboards in Security Intelligence, the WebUI has become unresponsive.
A "failed to connect" error is returned when attempting to open Security Intelligence.

After an upgrade, Security Intelligence used with Sentinel 7.0.x has a negative impact on server performance, and you are willing to start over with Security Intelligence.

Corrupted Security Intelligence database.


Replace the existing MongoDB database with a fresh database. (Note: This will remove all data from Security Intelligence, so only perform these steps if the data is no longer needed. You will need to re-create all dashboards.)

PART 1 - Get mongo data directory from a separate/fresh Sentinel install (BOX 1).
STEP 1: Install Sentinel
STEP 2: su - novell
STEP 3: cd $APP_HOME/bin
STEP 4: ./ stop
STEP 5: . ./
STEP 6: cd $ESEC_DATA_HOME/3rdparty/mongodb
STEP 7: tar zcvf my_mongo_data.tar.gz data

PART 2 - Put mongo data directory on Sentinel box needing to be replaced (BOX 2).
STEP 1: su - novell
STEP 2: cd $APP_HOME/bin
STEP 3: ./ stop
STEP 4: . ./
STEP 5: cd $ESEC_DATA_HOME/3rdparty/mongodb
STEP 6: mv data data_old
STEP 7: <copy "my_mongo_data.tar.gz" from the other box (BOX 1) into this directory ($ESEC_DATA_HOME/3rdparty/mongodb)>
STEP 8: tar zxvf "my_mongo_data.tar.gz"
STEP 9: cd $ESEC_CONFIG_HOME/config  (Note: This is the location of the file used in the following steps.)
STEP 10: Copy the following two properties from (BOX 1) file into the file on this box (BOX 2):

baselining.sidb.password="Box 1 Password String replace the existing Box 2 string"
baselining.sidb.dbpassword="Box 1 Password String replace the existing Box 2 string"

This sets the dbauser and appuser passwords to the ones used during the install on BOX 1, whose database is now the one in use on BOX 2.

STEP 11: cd $APP_HOME/bin
STEP 12: ./ start

Note that after the start, Security Intelligence will be blank.
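
The property copy in STEP 10 of PART 2 can be scripted so that the two lines are taken verbatim from the BOX 1 file and nothing else on BOX 2 changes. This is an added example, not part of the original article or of Sentinel: the function name copy_sidb_props and the ".bak" backup name are assumptions, both file paths are passed as arguments because the article does not name the file, and each property is assumed to start its line as "key=".

```shell
#!/bin/sh
# Added example: copy the two SI database password properties from the BOX 1
# properties file into the BOX 2 properties file (PART 2, STEP 10).
# Hypothetical helper; both paths are arguments because the page names no file.
copy_sidb_props() {
    src=$1; dst=$2
    [ -r "$src" ] && [ -w "$dst" ] || { echo "usage: copy_sidb_props BOX1_FILE BOX2_FILE" >&2; return 2; }
    # The values are credentials: keep the scratch file private.
    tmp=$(umask 077; mktemp) || return 1
    awk -v src="$src" -v keys="baselining.sidb.password baselining.sidb.dbpassword" '
        function key_of(line,   i) {        # which wanted key does this line set?
            for (i = 1; i <= n; i++)
                if (index(line, k[i] "=") == 1) return k[i]
            return ""
        }
        BEGIN {
            n = split(keys, k, " ")
            while ((getline line < src) > 0)        # collect BOX 1 lines verbatim
                if ((hit = key_of(line)) != "") val[hit] = line
            for (i = 1; i <= n; i++)
                if (!(k[i] in val)) {               # refuse a partial copy
                    print "missing " k[i] " in " src > "/dev/stderr"
                    bad = 1; exit 1
                }
        }
        {
            hit = key_of($0)
            if (hit == "") print                    # unrelated line: keep as is
            else if (!(hit in seen)) { print val[hit]; seen[hit] = 1 }
        }
        END {
            if (bad) exit 1
            for (i = 1; i <= n; i++)                # key absent on BOX 2: append
                if (!(k[i] in seen)) print val[k[i]]
        }' "$dst" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Keep the old BOX 2 file, then overwrite in place so owner and mode stay.
    cp -p "$dst" "$dst.bak" && cat "$tmp" > "$dst"
    rc=$?
    rm -f "$tmp"
    return $rc
}
```

The backup file still holds the old BOX 2 password strings, so remove it once Security Intelligence has started cleanly.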