4.0 Configuring Data Collection

Novell® Sentinel™ Log Manager can collect data from a wide range of event sources, such as intrusion detection systems, firewalls, operating systems, routers, databases, switches, mainframes, antivirus applications, and Novell applications. A modular architecture separates the protocol-level connections (Connectors) from the parsing logic (Collectors) for specific event sources.

Figure 4-1 Hierarchy of Plug-ins in the Event Source Management (Live View)

Novell Sentinel Log Manager supports a wide variety of Connectors and also includes a variety of Collectors with parsing logic for specific event sources.

For a list of supported connectors and event sources packaged with this release, see System Requirements in the Sentinel Log Manager Installation Guide.

To download new, additional, and updated Collector and Connector plug-ins, see the Sentinel 6.1 Content Web site.

The configuration required to integrate a new event source with Novell Sentinel Log Manager varies depending on the type of event source and the communication method selected.

For more information about editing Collectors that are already included in Sentinel Log Manager, refer to the Sentinel Plug-In SDK Web site. For more information about adding new Collectors, refer to the Collector documentation at the Sentinel 6.1 Content Web site.

The detailed documentation for Connectors and Collectors can be accessed by clicking on the PDF icon next to the Collector on the Sentinel 6.1 Content Web site.

Novell recommends that you review the full documentation for any new event source integration to ensure that all available features are enabled.

NOTE: Every Collector has its own associated Collector packs. The new Collector packs include reports that can be uploaded and used in the Sentinel Log Manager interface. For more information about extracting the reports, see Section 6.5, Extracting the Reports from the Collector Packs.