I need to do some different custom reports in Sentinel 7 using Eclipse
and iReports.
For example, authentication errors grouped by IP, hour, day and week.
I can do the filter (lucene syntax) on Sentinel WUI.
When I put the search filter in iReports, nothing appears. However, if
I use this same filter on the Sentinel WUI, it works fine.

iReport (doesn't work):
SELECT
dt AS event_parse_time,
evt AS event_name,
msg,
SetIfNull(dhn|zzzzzzzzzz) AS targethost_sortable,
SetIfNull(dip|zzzzzzzzzz) AS targetip_sortable,
SetIfNull(sun|zzzzzzzzzz) AS InitUser_sortable
WHERE
(pn"Novell Access Manager") AND evt"NIDS\: User session
authentication failed")) OR (rv40:000B0358)

This filter shows authentication failures on eDirectory and Access
Manager.
Instead, if I change to a simple filter like this, it works fine, and I can
do the custom reports.
iReport (works):
SELECT
dt AS event_parse_time,
evt AS event_name,
msg,
SetIfNull(dhn|zzzzzzzzzz) AS targethost_sortable,
SetIfNull(dip|zzzzzzzzzz) AS targetip_sortable,
SetIfNull(sun|zzzzzzzzzz) AS InitUser_sortable
WHERE
(sun:user1 AND evt:"Add Value" AND msg:"attribute1")


I've noticed that the postgres database schema is different from the one
'shown' (http://www.novell.com/developer/plug..._db_views.html).
When I change the search events type to SQL in iReports, I can't search
any type of events. I can't find tables or views to list the 'sentinel
event schema'
(http://http://www.novell.com/develop...nt_schema.html)

Do I need to create an auxiliary database using Sentinel Reports RDD?
Then I configure the search filter (lucene syntax) to populate an
external database (SQL Server or Oracle).

TIA,
Juliano


--
jbvs