2.5 Supported Event Sources

All event sources (devices) are supported, if there is a suitable connector to access their data. Novell Sentinel Log Manager provides collectors for many event sources. These collectors perform deep parsing of recognized events coming from the event sources. Data from event sources that have a suitable connectors, but whose data is unrecognized are processed by the Generic Event Collector. On a best-effort basis the Generic Event Collector analyses the received data and attempts to parse the information, if it was generated by a supported event source. If the Generic Event Collector does not understand the message, it does minimal parsing and places the bulk of the text in the Message field.

Sentinel Log Manager has enhanced support for data collection from Syslog and Novell Audit devices and the data collection can be configured by using the Sentinel Log Manager Web interface.

Sentinel Log Manager is also capable of collecting data from other devices by using many other connectors (for example: Database, File, and SNMP Connectors). Data collection from these devices can be configured by using the Event Source Management interface, which enables you to import and configure the Sentinel 6.0 and 6.1 connectors and collectors.

NOTE:Updated collectors and connectors are posted to the Sentinel 6.1 Content Web site on a regular basis. Updates typically include fixes, support for additional events, and performance improvements. Always download and import the latest version of the collectors and connectors.

Collectors that support the following event sources are pre-installed with Novell Sentinel Log Manager:

NOTE:To enable data collection from the Novell iManager and Novell Netware 6.5 event sources, add an instance of a collector and a child connector (Audit connector) in the Event Source Management interface for each of the event sources. Once this is done, these event sources appears in the Sentinel Log Manager web console under the Audit Server tab.

Collectors supporting additional event sources can either be obtained from Sentinel 6.1 Content Web site or built by using the SDK plug-ins that are available on the Sentinel Plug-in SDK Web site.