1.1 Novell Sentinel Log Manager Features

1.1.1 What’s New in Novell Sentinel Log Manager 1.0.0.5

500 EPS Version of Sentinel Log Manager

The Novell Sentinel Log Manager is now available in a 500 EPS (events per second) version. The 500 EPS version is suitable for small deployments with only one Sentinel Log Manager server and a low event rate. It can also be used as a low-volume node reporting to another Sentinel or Sentinel Log Manager server in a large deployment.

New End User License Agreement

The end user license agreement (EULA) terms have been updated in this release. You must accept the new terms before proceeding to apply the latest patch. Some of the changes in the EULA are:

  • Novell Sentinel Log Manager is now available in a 500 EPS version.

  • Updated definition for Non-Production Instance.

  • Updated definition for Type I Device.

1.1.2 What’s New in Novell Sentinel Log Manager 1.0.0.4

New Data Collection User Interface

The new and enhanced data collection user interface enables you to perform several new tasks:

  • Refine all the event sources by using the new Event Sources screen.

  • Start and stop the audit and syslog event source server by using the new Event Source Servers tab.

  • Set the time zone for event sources.

  • Search for events that are coming from one or many event sources.

For more information about data collection configuration, see Configuring Data Collection in the Sentinel Log Manager 1.0.0.4 Administration Guide.

LDAP Authentication

Sentinel Log Manager now supports LDAP authentication in addition to the database authentication.

A new Authentication Type option has been added in the user > Add a user window of the Sentinel Log Manager, which enables you to create user accounts that authenticate against LDAP instead of the local database.

For more information about configuring the Sentinel Log Manager server for LDAP authentication, see User Administration in the Sentinel Log Manager 1.0.0.4 Administration Guide.

Enhancements to the Search Result User Interface

The enhanced search result interface enables you to perform several new tasks:

  • Export search report results.

  • Send search results to an action.

  • Download the raw data files for the selected event result's event source by using the get raw data link.

  • View new event fields information in the search results.

    For example, it displays the Source IP address, Rawdata Record ID, Collector Script, Collector name, Collector Manager ID, Connector ID, and Event Source ID information for the incoming events.

  • View all the event fields information for the event source by using the show all fields link.

For more information about searching events and generating reports, see Searching in the Sentinel Log Manager 1.0.0.4 Administration Guide.

New User Interface for Actions

The new user interface for actions allows you to create multiple action instances that you can also use while configuring rules. You can also view the number of rules that are associated with an action.

For more information about configuring rules and actions, see Configuring Rules in the Sentinel Log Manager 1.0.0.4 Administration Guide.

Enhancement to the Admin User Interface

The new admin user interface enables you to assign new permissions to a user:

  • Allow the user to view all reports that are stored on the server.

  • Enable Sentinel Log Manager configuration reporting.

  • Set a filter on the events the user is permitted to view.

For more information about configuring users, see User Administration in the Sentinel Log Manager 1.0.0.4 Administration Guide.

1.1.3 Novell Sentinel Log Manager 1.0 Features

Installation and Deployment

Novell Sentinel Log Manager is easy to install and deploy for data collection, storage, reporting, and searching of log data. Installation of Novell Sentinel Log Manager includes installation of the Sentinel Log Manager server, Web server, reporting server, and configuration database.

Data Collection

Novell Sentinel Log Manager can collect and manage data from event sources that write logs to syslog, the Windows event log, files, databases, SNMP, Novell Audit, SDEE, Check Point OPSEC, and other storage mechanisms and protocols.

Novell Sentinel Log Manager contains enhanced web-based user interface support for Syslog and Novell Audit connectivity to make it even easier to start collecting logs from event sources. You can direct all the logs to Sentinel Log Manager.

Messages from recognized data sources are parsed into fields such as target IP address and source username. Messages from unrecognized data sources are placed intact into a single field for storage, search, and reporting. All data can be filtered to drop unwanted events.

For a complete list of supported event sources, see “Supported Event Sources” in the Novell Sentinel Log Manager Guide.

Novell Sentinel Log Manager collects data using a wide variety of connection methods:

  • Syslog Connector automatically accepts and configures syslog data sources that send data over the standard User Datagram Protocol (UDP), the reliable Transmission Control Protocol (TCP), or encrypted Transport Layer Security (TLS).

  • Audit Connector automatically accepts and configures audit-enabled Novell data sources.

  • File Connector reads log files.

  • SNMP Connector receives SNMP traps.

  • JDBC* Connector reads from database tables.

  • WMS Connector accesses Windows* event logs on desktops and servers.

  • SDEE Connector receives events from Cisco* devices.

  • LEA Connector receives events from Check Point* devices.

  • Sentinel Link Connector accepts data from other Novell Sentinel Log Manager servers.

  • Process Connector accepts data from custom-written processes that output event logs.

You can also purchase an additional license to download connectors for SAP* and mainframe operating systems.

To get the license, either call 1-800-529-3400 or contact Novell Technical Support.

For more information about configuring the connectors, see the connector documents on the Sentinel Content Web site.

For more information about data collection configuration, see “Configuring Data Collection” in the Novell Sentinel Log Manager Guide.

Data Storage and Management

Novell Sentinel Log Manager stores all of the log data in a compressed file format. Data can be archived locally or on a remotely mounted CIFS or NFS share. You can set up data retention policies that keep some data for longer periods and other data for shorter periods.

For more information about system requirements, see “System Requirements” in the Novell Sentinel Log Manager Guide.

For more information about data storage configuration, see “Configuring Data Storage” in the Novell Sentinel Log Manager Guide.

Reporting and Searching

Novell Sentinel Log Manager can perform full text searches of all the stored event data or perform focused searches against particular event fields, such as source username. Such searches can be further refined, saved for future review, filtered, and formatted by applying a report template to the results.

Sentinel Log Manager ships with pre-installed reports and also lets you upload additional reports. Reports can be run on a schedule or on demand.

For a list of the default reports, see “Sentinel Log Manager Reports” in the Novell Sentinel Log Manager Guide.

Searches and reports can run against both online and archived data.

For more information about searching events and generating reports, see “Searching” and “Reporting” respectively in the Novell Sentinel Log Manager Guide.