4.3 Configuring Data Collection for Other Event Sources

The Advanced tab is used to monitor and configure advanced data collection capabilities beyond the settings currently available in the web interface.

4.3.1 Launching Event Source Management

You can add Collectors, Connectors, and event sources in the Event Source Management (Live View) window and point to log manager for the data collection.

Java 1.6 Web Start is required to launch the Event Source Management Web application. If Java is not installed on your system, click Download Java link. The Java Download page appears in a new tab. Click the Free Java Download button to download the Java from Sun Microsystems Web site.

NOTE:Update the JRE to the JRE 1.6 Update 13 (both 32 and 64 bit versions), if you are using the openSUSE 11.1. Then use the java web start (javaws) launcher command to launch the ESM.

You can perform the following tasks through the Event Source Management window:

  • Add or edit connections to event sources by using Configuration wizards.

  • View the real-time status of the connections to event sources.

  • Import or export configuration of event sources to or from Live View.

  • View and configure Connectors and Collectors that are installed with Sentinel.

  • Import or export Connectors and Collectors from or to a centralized repository.

  • Monitor data flowing through the Collectors and Connectors.

  • View the raw data information.

  • Design, configure, and create the components of the Event Source Hierarchy, and execute required actions using these components.

Use the following procedure to launch the Event Source Management (Live View) window:

  1. Log in to the Sentinel Log Manager as an administrator.

  2. Click the collection link at the upper left corner of the page.

  3. Click the Advanced tab.

  4. Click Launch button to launch the Event Source Management (ESM) interface.

  5. The Novell® Sentinel™ Event Source Management Login window is displayed.

  6. Specify the administrators username and password, to login to Novell Sentinel Log Manager, then click Login.

    The report administrator user’s and auditor user’s cannot login to Novell Sentinel Event Source Management interface.

  7. The Event Source Management (Live View) window is displayed.

    The Event Source Management (Live View) interface provides a set of tools to manage and monitor connections between Sentinel and the event sources that are providing data to Sentinel. The graphical interface shows the current event sources and the software components that are processing data from that event source. Each component can be easily deployed to integrate the devices in the enterprise, and then can be monitored in real time within the ESM interface.

  8. The following table describes about the various components of the Event Source Management (Live View) interface.




    The single Sentinel icon represents the main Sentinel™ Server that manages all events collected by the Sentinel system.

    The Sentinel object is installed automatically through the Sentinel installer.

    Collector Manager

    Each Collector Manager icon represents another instance of a Collector Manager process. Multiple Collector Manager processes can be installed throughout the enterprise. As each Collector Manager process connects to Sentinel, the object is automatically created in ESM.


    Collectors instantiate the parsing logic for data from a particular event source. Each Collector icon in ESM refers to a deployed Collector script as well as the runtime configuration of a set of parameters for that Collector.

    You can download the Collectors from the Sentinel 6.1Content Web site.

    For more information on customizing or creating new Collectors, refer to the Novell Developer’s Kit for Sentinel Web site.


    Connectors are used to provide the protocol-level communication with an event source, using industry standards such as syslog, JDBC*, and so forth. Each instance of a Connector icon in ESM represents the Connector code as well as the runtime configuration of that code.

    You can download the Connectors from the Sentinel 6.1 Content Web site.For more information on customizing or creating new Connectors, refer to the Novell Developer’s Kit for Sentinel Web site.

    Event Source

    An event source server (ESS) is considered as part of a Connector, and is used when the data connection with an event source is inbound rather than outbound. The ESS represents the daemon or server that listens for these inbound connections. The ESS caches the received data, and one or more Connectors connects to the ESS to fetch a set of data for processing. The Connector requests only the data from its configured event source (defined in the metadata for the event source) and that matches additional filters.

    Event Source Server

    The event source represents the actual source of data for Sentinel. Unlike other components, this is not a plug-in, but is a container for metadata, including runtime configuration, about the event source. In some cases a single event source could represent many real sources of event data, if multiple devices are writing to a single file.

The changes done take effect immediately for all new incoming events. However, it might take some time for events already in the queue to be processed.

For more information, refer to the Event Source Management section of the Sentinel User Guide.