The steps are different if you have Sentinel or Sentinel RD.
In the Event Source Management live view, right-click the Collection Manager, then click
.Select
in the column.Select
in the column, then click .In the
column, select , then click .Configure the Identity Vault Collector for your needs by using the following information:
Click
.Complete the configuration of the Identity Manager Collector with the following information:
Name: Specify a name for this collector.
Run: Select whether the collector is started whenever the Collector Manager is started.
Alert if no data received in specified time period: (Optional) Select this option to send the No Data Alert event to Sentinel if data is not received by the collector in the specified time period.
Limit Data Rate: (Optional) Select this option to set a maximum limit on the rate of data the collector sends to Sentinel. If the data rate limit is reached, Sentinel throttles back on the source in order to limit the flow of data.
Set Filter: (Optional) Specify a filter on the raw data passing through the collector.
Trust Event Source Time: (Optional) Select this option if you trust the Event Source server’s time.
Click
.In the Sentinel Control Center toolbar, select
> .Right-click the Collector Manager, then click
.Select
in the column.Select
in the Name column, select in the version column, then click .In the
column, select , then click .Configure the Identity Vault Collector using the following information:
Configuration Parameter |
Default Value |
Description |
---|---|---|
ActiveMQ JMS User |
system |
Specify system as the username that is contained in the configactivemquser.properties file. System is the username that ActiveMQ JMS uses to connect to the Sentinel JMS broker to retrieve identity events. |
Broker Type |
Sentinel RD/ActiveMQ |
Select the type of broker you are using. The broker type is determined by the version of Sentinel you are using. The options are:
|
Broker URL |
|
Specify the URL used to connect to the Sentinel’s JMS broker. The format for Sentinel RD is: ssl://localhost:61616?wireFormat.maxinactivityDuration=0 |
Connector Retry Behavior |
no connector |
Specify how the Collector retries retrieving data from the Connector if no data is received. |
Execution Mode |
release |
Sets the execution mode for the collector. There are three options:
|
MSSP Customer Name |
unknown |
Name or numeric code for a specific customer in an MSSP environment. All data that is received is flagged with his value so that data segregation can be maintained. |
Script Error Severity |
Severe (5) |
If an error is detected in the Collector script configuration, this parameter determines the severity applied to the resulting event. |
Send Script Error Message |
yes |
Select whether an event is generated when an error is detected with the Collector script configuration. |
Sentinel Driver Instance ID |
If you have multiple Sentinel drivers, you must specify a unique instance ID for each Sentinel driver. This value must be the same as the value specific in the Sentinel driver configuration. For more information, see Section 8.0, Configuring Multiple Instances of the Sentinel Driver. |
Click
.Complete the configuration of the Identity Manager Collector with the following information:
Name: Specify a name for this collector.
Run: Select whether the collector is started whenever the Collector Manager is started.
Alert if no data received in specified time period: (Optional) Select this option to send the No Data Alert event to Sentinel if data is not received by the collector in the specified time period.
Limit Data Rate: (Optional) Select this option to set a maximum limit on the rate of data the collector sends to Sentinel. If the data rate limit is reached, Sentinel throttles back on the source in order to limit the flow of data.
Set Filter: (Optional) Specify a filter on the raw data passing through the collector.
Trust Event Source Time: (Optional) Select this option if you trust the Event Source server’s time.
Click
.