13.1 Performing Interactive Installation

13.1.1 Sentinel Server Standard Installation

Use the following steps to perform a standard installation:

  1. Download the Sentinel installation file from the Downloads website:

  2. Specify at the command line the following command to extract the installation file.

    tar zxvf <install_filename>

    Replace <install_filename> with the actual name of the install file.

  3. Change to the directory where you extracted the installer:

    cd <directory_name>
  4. Specify the following command to install Sentinel:


    If you want to install Sentinel in a custom in a non-default location, specify the location option along with the command.


    ./install-sentinel --location=/foo


    If you want to install Sentinel on more than one system, you can record your installation options in a file. You can use this file for an unattended Sentinel installation on other systems. To record your installation options, specify the following command:

    ./install-sentinel -r <response_filename>

    NOTE:The response file generated, must not be edited manually.

  5. Specify the number for the language you want to use for the installation, then press Enter.

    The end user license agreement is displayed in the selected language.

  6. Press the Spacebar to read through the license agreement.

  7. Enter yes or y to accept the license and continue with the installation.

    The installation might take a few seconds to load the installation packages and prompt for the configuration type.

  8. When prompted, specify 1 to proceed with the standard configuration.

    Installation proceeds with the default evaluation license key included with the installer. At any time during or after the evaluation period, you can replace the evaluation license with a license key you have purchased.

  9. Specify the password for the administrator user admin.

  10. Confirm the password again.

    This password is used by admin, dbauser, and appuser.

    The Sentinel installation finishes and the server starts. It might take few minutes for all services to start after installation because the system performs a one-time initialization. Wait until the installation finishes before you log in to the server.

To access the Sentinel Main interface, specify the following URL in your web browser:


Where IP_AddressOrDNS_Sentinel_server is the IP address or DNS name of the Sentinel server and 8443 is the default port for the Sentinel server.

13.1.2 Sentinel Server Custom Installation

If you are installing Sentinel with a custom configuration, you can customize your Sentinel installation by specifying your license key, setting a different password, specifying different ports, and so on.

  1. Download the Sentinel installation file from the Downloads website:

  2. Specify at the command line the following command to extract the installation file.

    tar zxvf <install_filename>

    Replace <install_filename> with the actual name of the install file.

  3. Specify the following command in the root of the extracted directory to install Sentinel:



    If you want to use this custom configuration to install Sentinel on more than one system, you can record your installation options in a file. You can use this file for an unattended Sentinel installation on other systems. To record your installation options, specify the following command:

    ./install-sentinel -r <response_filename>
  4. Specify the number for the language you want to use for the installation, then press Enter.

    The end user license agreement is displayed in the selected language.

  5. Press the Spacebar to read through the license agreement.

  6. Enter yes or y to accept the license agreement and continue with the installation.

    The installation might take a few seconds to load the installation packages and prompt for the configuration type.

  7. Specify 2 to perform a custom configuration of Sentinel.

  8. Enter 1 to use the default evaluation license key


    Enter 2 to enter a purchased license key for Sentinel.

  9. Specify the password for the administrator user admin and confirm the password again.

  10. Specify the password for the database user dbauser and confirm the password again.

    The dbauser account is the identity used by Sentinel to interact with the database. The password you enter here can be used to perform database maintenance tasks, including resetting the admin password if the admin password is forgotten or lost.

  11. Specify the password for the application user appuser and confirm the password again.

  12. Change the port assignments for the Sentinel services by entering the desired number, then specifying the new port number.

  13. After you have changed the ports, specify 7 for done.

  14. Enter 1 to authenticate users using only the internal database.


    If you have configured an LDAP directory in your domain, enter 2 to authenticate users by using LDAP directory authentication.

    The default value is 1.

  15. Enter y to enable the FIPS mode.

    NOTE:Enabling FIPS mode disables the TLSv1.3 protocol and the connection gets established using TLSv1.2.

    1. Specify a strong password for the keystore database and confirm the password again.

      NOTE:The password must be at least seven characters long. The password must contain at least three of the following character classes: Digits, ASCII lowercase letters, ASCII uppercase letters, ASCII non-alphanumeric characters, and non-ASCII characters.

      If an ASCII uppercase letter is the first character or a digit is the last character, they are not counted.

    2. Insert external certificates into the keystore database to establish trust, press y and specify the path for the certificate file. Follow this procedure to add the certificates needed for secure communication in Opensearch. These certificates are stored in <sentinel_installation_path>/opt/novell/sentinel/3rdparty/opensearch/config/certs/<certificate_name>.pem.

      Where <certificate_name> has following values:

      • root-ca

      • admin

      • node

      • client

      Add all of the above certificates one by one.

    3. Complete the FIPS 140-2 mode configuration by following the tasks mentioned in Section 23.0, Operating Sentinel in FIPS 140-2 Mode.

The Sentinel installation finishes and the server starts. It might take few minutes for all services to start after installation because the system performs a one-time initialization. Wait until the installation finishes before you log in to the server.

To access the Sentinel Main interface, specify the following URL in your web browser:


Where <IP_AddressOrDNS_Sentinel_server> is the IP address or DNS name of the Sentinel server and 8443 is the default port for the Sentinel server.

13.1.3 Collector Manager and Correlation Engine Installation

By default, Sentinel installs a Collector Manager and a Correlation Engine. For production environments, set up a distributed deployment because it isolates data collection components on a separate machine, which is important for handling spikes and other anomalies with maximum system stability. For information about the advantages of installing additional components, see Advantages of Distributed Deployments.

You can install more than one Collector Manager or Correlation Engine.

IMPORTANT:You must install the additional Collector Manager or the Correlation Engine on separate systems. The Collector Manager or the Correlation Engine must not be on the same system where the Sentinel server is installed.

You can record the installation parameters during interactive installation and then use the recorded files for an unattended installation on other systems. You can specify the following files to record the installation:

  • <Response_file>: Records the installation parameters you specify during installation.

  • <Configuration_file>: Specify this file only if you have multiple Sentinel servers. You can use this file to connect Collector Manager and Correlation Engine to a different Sentinel server than the one recorded in the response file. During interactive installation, it creates placeholders for Sentinel server details. You can later update this file with the relevant Sentinel server details and use it along with the response file during unattended installation.

    NOTE:This option is available only in Sentinel 8.2 SP3 or later.

Installation Checklist: Ensure that you have completed the following tasks before starting the installation.

  • Make sure that your hardware and software meet the minimum requirements. For more information, see Section 5.0, Meeting System Requirements.

  • Synchronize time by using the Network Time Protocol (NTP).

  • A Collector Manager requires network connectivity to the message bus port (61616) on the Sentinel server. Before you start installing the Collector Manager, make sure that all firewall and network settings are allowed to communicate over this port.

To install the Collector manager and the Correlation engine, complete the following steps:

  1. Launch the Sentinel Main interface by specifying the following URL in your web browser:


    Where <IP_AddressOrDNS_Sentinel_server> is the IP address or DNS name of the Sentinel server and 8443 is the default port for the Sentinel server.

    Log in with the username and password specified during the installation of the Sentinel server.

  2. In the toolbar, click Downloads.

  3. Click Download Installer under the required installation.

  4. Click Save File to save the downloaded installer file to the desired location in the Collector Manager or Correlation Engine machine.

  5. Specify the following command to extract the installation file.

    tar zxvf <install_filename>

    Replace <install_filename> with the actual name of the install file.

  6. Change to the directory where you extracted the installer.

  7. (Conditional) To install without recording the installation, specify the following command:

    • For Collector Manager:

    • For Correlation Engine:


      If you want to install the Collector Manager or Correlation Engine in a non-default location, specify the location option along with the command.


      ./install-cm --location=/foo
      ./install-ce --location=/foo
  8. (Conditional) To install and record the installation, do one of the following:

    • (Conditional) If you have a single Sentinel server, specify the following command:

      • For Collector Manager:

        ./install-cm -r <response_filename>
      • For Correlation Engine:

        ./install-ce -r <response_filename>
    • (Conditional) If you have multiple Sentinel servers, specify the following command:

      • For Collector Manager:

        ./install-cm -r <response_filename> -c <configuration_filename>
      • For Correlation Engine:

        ./install-ce -r <response_filename> -c <configuration_filename>

    For more information about using the response file or the configuration file, see Performing a Silent Installation.

  9. Specify the number for the language you want to use for the installation.

    The end user license agreement is displayed in the selected language.

  10. Press the Spacebar to read through the license agreement.

  11. Enter yes or y to accept the license agreement and continue with the installation.

    The installation might take a few seconds to load the installation packages and prompt for the configuration type.

  12. When prompted, specify the appropriate option to proceed with the Standard or Custom configuration.

  13. Enter the default Communication Server Hostname or IP Address of the machine on which Sentinel is installed.

  14. (Conditional) If you chose Custom configuration, specify the following:

    1. Sentinel server communication channel port number.

    2. Sentinel Web server port number.

  15. When prompted to accept the certificate, run the following command in the Sentinel server to verify the certificate:

    For FIPS mode:

    <sentinel_installation_path>/opt/novell/sentinel/jdk/jre/bin/keytool -list -keystore 

    For Non-FIPS mode:

    <sentinel_installation_path>/opt/novell/sentinel/jdk/jre/bin/keytool -list -keystore 

    Compare the certificate output with the Sentinel server certificate displayed in Step 13.

    NOTE:If the certificate does not match, the installation stops. Run the installation setup again and check the certificates.

  16. Accept the certificate if the certificate output matches the Sentinel server certificate.

  17. Specify credentials of any user in Administrator role. Enter the user name and the password.

  18. (Conditional) If the Certificate Revocation List is enabled in the server, then select Yes when prompted, the complete the following steps:

    1. Copy the certificate from<CONFIG_HOME>/config/ of the server to <CONFIG_HOME>/config/ of the Collector Manager or the Correlation Engine. The default value of <CONFIG_HOME> is /etc/opt/novell/sentinel .

    2. Click Yes when prompted.

    3. Specify the password for the client certificate.

  19. (Conditional) If you chose Custom configuration, enter yes or y to enable FIPS 140-2 mode in Sentinel, then add the path of the OpenSearch certificate <sentinel_installation_path>/opt/novell/sentinel/3rdparty/opensearch/config/certs/<certificate_name>.pem when it prompts for the external certificate.

    Where <certificate_name> has following values:

    • root-ca

    • admin

    • node

    • client

  20. (Conditional) If your environment uses multi-factor or strong authentication, you must provide the Sentinel client id and Sentinel client secret. For more information about authentication methods, see Authentication Methods in the Sentinel Administration Guide.

    To retrieve the Sentinel client ID and Sentinel client secret, go to the following URL:



    • Hostname is the host name of the Sentinel server.

    • Port is the port Sentinel uses (typically 8443).

    The specified URL uses your current Sentinel session to retrieve the Sentinel client ID and Sentinel client secret.

  21. Continue with the installation as prompted until the installation is complete.