Frequently Asked Questions

How can I help or contribute?

SENTINL is open-source and anyone can help the project by contributing code, testing, hunting bugs and updating documentation. Not a technical user? Help us by improving documentation, adding examples you find valuable, or just spreading the word about the feature with a blog post, or a tweet promoting the project to potential users.


Is version 6.x supported?

SENTINL will support all modern versions of Kibana and Elasticsearch. Version 6.x is already available for testing in our releases and will bring a new wave of native integration with Kibana tools, enhancing the experience.


Emails are not being sent. Why?

SENTINL uses emailjs to send emails. This NPM module requires a correct message to be formed, so make sure your configuration includes valid from and to values, as well as the proper authentication method for your email relay. If in doubt, refer to the documentation.


Reports are not being generated. Why?

SENTINL uses puppeteer to generate reports. Puppeteer requires Chrome or Chromium. Refer to the puppeteer troubleshooting page if you have any problems.


Watchers are not running in my timezone. Why?

SENTINL uses the UTC timezone internally to execute schedules. Rolling watchers (every x minutes) are not affected, but absolute timed executions use the UTC timezone. Future versions will allow adapting to localTimezone of the server executing Kibana.

To change the server or container localtime use the following example:

# Make a backup
sudo mv /etc/localtime /etc/localtime.bak
# Set my localtime
sudo ln -s /usr/share/zoneinfo/XXX/XXX /etc/localtime

How can I avoid string encoding in mustache templates output?

SENTINL uses Mustache to enrich the messages of actions with data from its execution. Double braces ({{hello}}) HTML-escape the inserted value; to output the value without encoding, use triple braces ({{{hello}}}). See the Mustache documentation for more information.


How can I use SENTINL with ReadonlyREST authentication?

When using ReadonlyREST, the following SENTINL exceptions should be added to its configuration:

- name: ALLOWPOST
  type: allow
  methods: [POST,HEAD,GET,DELETE,OPTIONS]
  uri_re:  ^/watcher_alarms-.*/
  hosts: [localhost]
  verbosity: info

- name: ALLOWHEAD
  type: allow
  methods: [POST,HEAD,GET,DELETE]
  uri_re:  ^/watcher.*/
  hosts: [localhost]
  verbosity: info

How can I use SENTINL with SearchGuard authentication?

Here's an example provided by our Community to use SENTINL + SearchGuard. Full demo configuration.

1. Edit the sg_kibana_server role in sg_roles.yml:

sg_kibana_server:
  cluster:
    - CLUSTER_MONITOR
    - CLUSTER_COMPOSITE_OPS
  indices:
    '?kibana':
      '*':
        - INDICES_ALL
    'watcher*':
      '*':
        - MANAGE
        - CREATE_INDEX
        - INDEX
        - READ
        - WRITE
        - DELETE

2. Reinitialize Search Guard afterwards:

plugins/search-guard-5/tools/sgadmin.sh -cd plugins/search-guard-5/sgconfig/ -icl -ts config/truststore.jks -ks config/keystore.jks -h localhost -p 9300 -nhnv

Why are prebuilt SENTINL packages so big?

SENTINL packages include PhantomJS and Chrome binaries, occupying most of the archive space. These are used to generate screenshots for reports.


How can I secure sensitive passwords and values in SENTINL configuration?

When using Kibana 6.1+, the Secure Settings feature can be used to encrypt sensitive details. For example, to protect an email password:

bin/kibana-keystore create
bin/kibana-keystore add sentinl.settings.email.password
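
To find which settings still need this treatment, the following added example (not part of SENTINL or Kibana) scans a kibana.yml for sensitive keys stored in plaintext and prints the matching kibana-keystore commands. The sample file contents, the list of sensitive key suffixes and the function names are assumptions made for illustration.

```python
import re

# Last key components treated as secrets (an assumption of this example).
SENSITIVE = re.compile(r"(password|secret|token|api_?key)$", re.IGNORECASE)
ENTRY = re.compile(r"^(\s*)([^:]+?):(?:\s+(.*))?$")

# Constructed sample kibana.yml, mixing flat dotted keys and nested mappings.
SAMPLE_KIBANA_YML = """\
# constructed sample, not a real configuration
elasticsearch.url: "http://localhost:9200"
elasticsearch.password: changeme-example
sentinl:
  settings:
    email:
      active: true
      host: smtp.example.org
      password: "s3cret-example"
server.port: 5601
"""

def flatten_keys(text):
    """Yield (dotted_key, value) for scalar entries of simple block-style YAML.

    Covers flat dotted keys and nested mappings only; it is not a general
    YAML parser (list items and full-line comments are skipped).
    """
    stack = []  # (indent, key) for each enclosing mapping
    for raw in text.splitlines():
        m = ENTRY.match(raw)
        if not m or raw.lstrip().startswith(("#", "-")):
            continue
        indent, key, value = len(m.group(1)), m.group(2).strip(), (m.group(3) or "").strip()
        while stack and stack[-1][0] >= indent:
            stack.pop()
        path = ".".join([k for _, k in stack] + [key])
        if value:
            yield path, value.strip("'\"")
        else:
            stack.append((indent, key))

def plaintext_secrets(text):
    """Return dotted keys whose sensitive value is stored in plaintext."""
    return [k for k, v in flatten_keys(text)
            if v and SENSITIVE.search(k.rsplit(".", 1)[-1])]

def keystore_commands(keys):
    """Build the kibana-keystore commands that move each key out of the file."""
    return [f"bin/kibana-keystore add {k}" for k in keys]

if __name__ == "__main__":
    for cmd in keystore_commands(plaintext_secrets(SAMPLE_KIBANA_YML)):
        print(cmd)  # only key names are printed, never the values
```
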

Reports failing with "HeadlessError"

When running reports using PhantomJS, the following error might be returned:

"fail to report, HeadlessError: Error executing command to extract phantom ports: Error: Command failed: ss -nlp | grep "[,=]354," || netstat -nlp | grep "[[:space:]]354/"\n/bin/sh: ss: command not found

This can be resolved by installing the missing ss command on your system or container, for example:

sudo yum install -y iproute