We are planing to send the incident to our own Help Desk system. We need
the incident handler can search the incident related events from our
Help Desk system by Sentinel REST API.

I have studied the Sentinel REST API , and can list the event by
"Events - Event List and Create Methods".

ie.
https://164.99.19.131:8443/SentinelR.../objects/event

Howerver, this event list only have 4 parameters, including: query,
field, page, pagesize. We can't submit the datetime range by this
method. How can we submit the event list query with datetime range by
Sentinel REST API? or, any other method can be use to submit the search
query with datetime range then get the related event?

In addition, every time I submit the event list query by REST API, the
'Too many open files' error message will come out in server0.0.log.

Tue Aug 28 23:18:23 CST
2012|INFO|Thread-697013|esecurity.ccs.comp.audit.AuditLogger.execut e
Audit Medium:: Action by user admin via Sentinel service
Indexed Search object Events method EventSearch client 127.0.0.1
succeeded : Event Search: Type USER, DATE-RANGE: Whenever,
MAX-EVENTS=100,000, QUERY-EXPRESSION=[sev\:1],
SECURITY-FILTER=[<empty>], TAGS-FILTER=[<empty>],
INTERNAL-EVENT-FILTER=[<empty>], with XDAS taxonomy name:
XDAS_AE_QUERY_DATA_ITEM_CONTENTS
Tue Aug 28 23:18:24 CST
2012|SEVERE|pool-153-thread-5|esecurity.ccs.comp.event.indexedlog.IndexedLogSe archJob$PartitionHitsRetrieverTask.call
IO Error performing search for the day Jul 12, 2012 (UTC).;
Exception
/var/opt/novell/sentinel/data/eventdata/events/20120712_6E1CCA35-4BD4-102D-91CD-000C2907C76D/index/_0.fdx
(Too many open files); java.io.FileNotFoundException;
Tue Aug 28 23:18:24 CST
2012|SEVERE|pool-153-thread-5|esecurity.ccs.comp.event.indexedlog.IndexedLogSe archJob$PartitionHitsRetrieverTask.call
java.io.FileNotFoundException:
/var/opt/novell/sentinel/data/eventdata/events/20120712_6E1CCA35-4BD4-102D-91CD-000C2907C76D/index/_0.fdx
(Too many open files)

Regards,
Steven


--
steven_cjhsiao
------------------------------------------------------------------------
steven_cjhsiao's Profile: https://forums.netiq.com/member.php?userid=544
View this thread: https://forums.netiq.com/showthread.php?t=2965