Thetab in Sentinel Log Manager Web UI is used to launch the Event Source Management interface, which monitors and configures advanced data collection capabilities beyond thesettings currently available in the web interface. Some connectors and collectors must be configured in the Event Source Management, such as the WMS connector for Windows, Database connectors, and SDEE connectors for Cisco devices.
You can perform the following tasks through the Event Source Management window:
Add or modify connections to event sources by using Configuration wizards.
View the real-time status of the connections to event sources.
Import or export configuration of event sources to or from the Live View.
View and configure Connectors and Collectors that are installed.
Import or export Connectors and Collectors from or to a centralized repository.
Monitor data flowing through the Collectors and Connectors.
View the raw data information.
Design, configure, and create the components of the Event Source Hierarchy, and execute required actions by using these components.
Java 1.6 Web Start is required to launch the Event Source Management Web application. If Java is not installed on your system, clicklink in the tab of Sentinel Log Manager Web UI. The Java Download page appears in a new tab.
NOTE:If you are using openSUSE11.1, update your JRE to latest JRE 1.6 update. Then use the Java Web Start (javaws) launcher command to launch the ESM.
Use the following procedure to launch the Event Source Management (Live View) window:
Log in to Sentinel Log Manager as an administrator.
Click thelink at the upper left corner of the page.
Click thebutton to launch the Event Source Management (ESM) interface.
The Novell Sentinel Event Source Management Login window is displayed.
Specify the username and password to log in to Novell Sentinel Log Manager, then click.
Only users with Administrator role are allowed to log in to ESM.
The Event Source Management (Live View) window is displayed.
The Event Source Management (Live View) interface provides a set of tools to manage and monitor connections between Sentinel Log Manager and the event sources that are providing data to Sentinel Log Manager. The graphical interface shows the current event sources and the software components that are processing data from that event source. Each component can be easily deployed to integrate the devices in the enterprise, and it can be monitored in real time within the ESM interface.
The following table describes the various components of the Event Source Management (Live View) interface.
The single Sentinel icon represents the main Sentinel Server that manages all events collected by the Sentinel system.
The Sentinel object is installed automatically through the Sentinel installer.
Each Collector Manager icon represents another instance of a Collector Manager process. Multiple Collector Manager processes can be installed throughout the enterprise. As each Collector Manager process connects to Sentinel, the object is automatically created in Event Source Management. For more information on installing a remote Collector Manager, see
Collectors instantiate the parsing logic for data from a particular event source. Each Collector icon in Event Source Management interface refers to a deployed Collector script as well as the runtime configuration of a set of parameters for that Collector.
You can download the Collectors from the Sentinel 6.1Content Web site.
For more information on customizing or creating new Collectors, refer to the Novell Developer’s Kit for Sentinel Web site.
Connectors are used to provide the protocol-level communication with an event source, using industry standards such as syslog, JDBC, and so forth. Each instance of a Connector icon in Event Source Management interface represents the Connector code as well as the runtime configuration of that code.
Event Source Server
An event source server (ESS) is considered as part of a Connector, and is used when the data connection with an event source is inbound rather than outbound. The ESS represents the daemon or server that listens for these inbound connections. The ESS caches the received data, and one or more Connectors connects to the ESS to fetch a set of data for processing. The Connector requests only the data from its configured event source (defined in the metadata for the event source) and that matches additional filters.
The event source represents the actual source of data for Sentinel. Unlike other components, this is not a plug-in, but is a container for metadata, including runtime configuration, about the event source. In some cases a single event source could represent many real sources of event data, if multiple devices are writing to a single file.
The changes take effect immediately for all new incoming events. However, it might take some time for events already in the queue to be processed.
For more information, refer to the Event Source Management section of the Sentinel User Guide.