How to recreate the Security Intelligence Database of Sentinel

Get a failed to connect error when attempting to open Security Intelligence.

If using Security Intelligence with Sentinel 7.0.x after upgrade to Sentinel 7.1.1.2 SI has negative impact on server performance and willing to start over with Security Intelligence.

Corrupted Security Intelligence database.

Replace the existing mongo database with a fresh database.  (Note:  This will remove all data from Security Intelligence so only perform these steps if the data is no longer needed.  You will need to re-create all dashboards.)  

PART 1 - Get mongo data directory from a separate/fresh Sentinel install (BOX 1).

STEP 1: Install Sentinel

STEP 2: su - novell

STEP 3: cd $APP_HOME/bin

STEP 4: ./server.sh stop

STEP 5: . ./setenv.sh

STEP 6: cd $ESEC_DATA_HOME/3rdparty/mongodb

STEP 7: tar zcvf my_mongo_data.tar.gz data

PART 2 - Put mongo data directory on Sentinel box needing to be replaced (BOX 2).

STEP 1: su - novell

STEP 2: cd $APP_HOME/bin

STEP 3: ./server.sh stop

STEP 4: . ./setenv.sh

STEP 5: cd $ESEC_DATA_HOME/3rdparty/mongodb

STEP 6: mv data data_old

STEP 7: <copy "my_mongo_data.tar.gz" from the other box (BOX 1) into this directory ($ESEC_DATA_HOME/3rdparty/mongodb)>

STEP 8: tar zxvf "my_mongo_data.tar.gz"

STEP 9: cd $ESEC_CONFIG_HOME/config  (Note: This is the location of the configuration.properties file used in the following steps.)

STEP 10: Copy the following two properties from (BOX 1) configuration.properties file into the configuration.properties file on this box (BOX 2):