4.4 Configuring Data Collection for Other Event Sources

The Advanced tab in the Sentinel Log Manager Web UI launches the Event Source Management interface, which you use to monitor and configure advanced data collection capabilities beyond the settings currently available in the web interface. Some connectors and collectors must be configured in Event Source Management, such as the WMS connector for Windows, Database connectors, and SDEE connectors for Cisco devices.

You can perform the following tasks through the Event Source Management window:

Java 1.6.0.20 or later is required to launch the Event Source Management Web UI. If Java is not installed on your system, click the Download Java link to download the latest version of Java. The Java Download page opens in a new tab.

NOTE: If you are using openSUSE 11.1, update your JRE to the latest JRE 1.6 update. Then use the Java Web Start (javaws) launcher command to launch Event Source Management.
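A pre-flight check for the JRE requirement and the javaws launch described above, as an added example that is not part of the Novell documentation. It assumes `java -version` reports the page's 1.6.0.20 as `1.6.0_20`; the `ESM_JNLP_URL` variable, the function names, and the HTTPS-only check are this example's own choices, and the launch URL is a placeholder because this page does not give it.

```shell
#!/bin/sh
# Added example: JRE pre-flight check before starting ESM through javaws.
# ESM_JNLP_URL is a placeholder variable; the launch URL is not given on this page.

# Pull the quoted version out of `java -version` output,
# e.g. 'java version "1.6.0_20"' -> 1.6.0_20
parse_java_version() {
    printf '%s\n' "$1" | sed -n 's/.*version "\([^"]*\)".*/\1/p' | head -n 1
}

# Succeed only for 1.6.0 update 20 or later (newer 1.x or N.x releases pass).
java_version_ok() {
    v=${1%%-*}                        # drop suffixes such as -ea or -b02
    case $v in
        ''|*[!0-9._]*) return 1 ;;    # empty or malformed version string
    esac
    old_ifs=$IFS; IFS='._'
    set -- $v                         # 1.6.0_20 -> 1 6 0 20
    IFS=$old_ifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}; update=${4:-0}
    [ "$major" -gt 1 ] && return 0
    [ "$major" -lt 1 ] && return 1
    [ "$minor" -gt 6 ] && return 0
    [ "$minor" -lt 6 ] && return 1
    [ "$patch" -gt 0 ] && return 0
    [ "$update" -ge 20 ]              # [ ] compares in decimal, so 05 reads as 5
}

launch_esm() {
    url=$1
    case $url in
        https://*) ;;                 # this example's own choice: TLS only
        *) echo "refusing non-HTTPS launch URL" >&2; return 3 ;;
    esac
    command -v java >/dev/null 2>&1 || { echo "java not found" >&2; return 2; }
    found=$(parse_java_version "$(java -version 2>&1)")
    if ! java_version_ok "$found"; then
        echo "JRE '$found' is older than 1.6.0_20; update it first" >&2
        return 1
    fi
    javaws "$url"
}

# Runs only when the operator supplies the URL, e.g.
#   ESM_JNLP_URL='https://<log-manager-host>/<path>.jnlp' sh esm-launch.sh
if [ -n "${ESM_JNLP_URL:-}" ]; then
    launch_esm "$ESM_JNLP_URL"
fi
```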

Use the following procedure to launch the Event Source Management (Live View) window:

  1. Log in to Sentinel Log Manager as an administrator.

  2. Click the collection link at the upper left corner of the page.

  3. Click the Advanced tab.

  4. Click the Launch button to launch the Event Source Management (ESM) interface.

  5. The Novell Sentinel Event Source Management Login window is displayed.

  6. Specify the username and password to log in to Novell Sentinel Log Manager, then click Login.

    Only users with the Administrator role are allowed to log in to ESM.

    The Event Source Management (Live View) window is displayed.

    The Event Source Management (Live View) interface provides a set of tools to manage and monitor connections between Sentinel Log Manager and the event sources that are providing data to Sentinel Log Manager. The graphical interface shows the current event sources and the software components that are processing data from that event source. Each component can be easily deployed to integrate the devices in the enterprise, and it can be monitored in real time within the ESM interface.

    The following table describes the various components of the Event Source Management (Live View) interface.

    | Component | Description |
    |---|---|
    | Sentinel | The single Sentinel icon represents the main Sentinel Server that manages all events collected by the Sentinel system. The Sentinel object is installed automatically through the Sentinel installer. |
    | Collector Manager | Each Collector Manager icon represents another instance of a Collector Manager process. Multiple Collector Manager processes can be installed throughout the enterprise. As each Collector Manager process connects to Sentinel, the object is automatically created in Event Source Management. For more information on installing a remote Collector Manager, see Installing Additional Collector Managers. |
    | Collector | Collectors instantiate the parsing logic for data from a particular event source. Each Collector icon in the Event Source Management interface refers to a deployed Collector script as well as the runtime configuration of a set of parameters for that Collector. You can download the Collectors from the Sentinel Plug-ins Web site. For more information on customizing or creating new Collectors, refer to the Novell Developer’s Kit for Sentinel Web site. |
    | Connector | Connectors provide the protocol-level communication with an event source, using industry standards such as syslog, JDBC, and so forth. Each instance of a Connector icon in the Event Source Management interface represents the Connector code as well as the runtime configuration of that code. You can download the Connectors from the Sentinel Plug-ins Web site. For more information on customizing or creating new Connectors, refer to the Novell Developer’s Kit for Sentinel Web site. |
    | Event Source Server | An event source server (ESS) is considered part of a Connector, and is used when the data connection with an event source is inbound rather than outbound. The ESS represents the daemon or server that listens for these inbound connections. The ESS caches the received data, and one or more Connectors connect to the ESS to fetch a set of data for processing. The Connector requests only the data that comes from its configured event source (defined in the metadata for the event source) and that matches additional filters. |
    | Event Source | The event source represents the actual source of data for Sentinel. Unlike other components, this is not a plug-in, but is a container for metadata, including runtime configuration, about the event source. In some cases a single event source could represent many real sources of event data, if multiple devices are writing to a single file. |

The changes take effect immediately for all new incoming events. However, it might take some time for events already in the queue to be processed.

For more information, refer to the Event Source Management section of the Sentinel User Guide.