Sentinel Log Manager supports a variety of devices and applications, including intrusion detection systems, firewalls, operating systems, routers, Web servers, databases, switches, mainframes, and antivirus event sources. The data from these event sources is parsed and normalized to varying degrees depending on whether the data is processed by using the generic event Collector that puts the entire payload of the event into a common field, or by using a device-specific Collector that parses the data into individual fields.
The following event sources are supported by Sentinel Log Manager:
Cisco Firewall (6 and 7)
Cisco Switch Catalyst 6500 Series (CatOS 8.7)
Cisco Switch Catalyst 6500 Series (IOS 12.2SX)
Cisco Switch Catalyst 5000 Series (CatOS 4.x)
Cisco Switch Catalyst 4900 Series (IOS 12.2SG)
Cisco Switch Catalyst 4500 Series (IOS 12.2SG)
Cisco Switch Catalyst 4000 Series (CatOS 4.x)
Cisco Switch Catalyst 3750 Series (IOS 12.2SE)
Cisco Switch Catalyst 3650 Series (IOS 12.2SE)
Cisco Switch Catalyst 3550 Series (IOS 12.2SE)
Cisco Switch Catalyst 2970 Series (IOS 12.2SE)
Cisco Switch Catalyst 2960 Series (IOS 12.2SE)
Cisco VPN 3000 (4.1.5, 4.1.7, and 4.7.2)
Extreme Networks Summit X650 (with ExtremeXOS 12.2.2 and earlier)
Extreme Networks Summit X450a (with ExtremeXOS 12.2.2 and earlier)
Extreme Networks Summit X450e (with ExtremeXOS 12.2.2 and earlier)
Extreme Networks Summit X350 (with ExtremeXOS 12.2.2 and earlier)
Extreme Networks Summit X250e (with ExtremeXOS 12.2.2 and earlier)
Extreme Networks Summit X150 (with ExtremeXOS 12.2.2 and earlier)
Enterasys Dragon (7.1 and 7.2)
Generic Event Collector
HP HP-UX (11iv1 and 11iv2)
IBM AIX (5.2, 5.3, and 6.1)
Juniper Netscreen Series 5
McAfee Firewall Enterprise
McAfee Network Security Platform (2.1, 3.x, and 4.1)
McAfee VirusScan Enterprise (8.0i, 8.5i, and 8.7i)
McAfee ePolicy Orchestrator (3.6 and 4.0)
McAfee AV Via ePolicy Orchestrator 8.5
Microsoft Active Directory (2000, 2003, and 2008)
Microsoft SQL Server (2005 and 2008)
Nortel VPN (1750, 2700, 2750, and 5000)
Novell Access Manager 3.1
Novell Identity Manager 3.6.1
Novell Netware 6.5
Novell Modular Authentication Services 3.3
Novell Open Enterprise Server 2.0.2
Novell Privileged User Manager 2.2.1
Novell Sentinel Link 1
Novell SUSE Linux Enterprise Server
Novell eDirectory 8.8.3 with the eDirectory instrumentation patch found on the Novell Support Web Site
Novell iManager 2.7
Red Hat Enterprise Linux
Sourcefire Snort (2.4.5, 2.6.1, 2.8.3.2, and 2.8.4)
Snare for Windows Intersect Alliance (3.1.4 and 1.1.1)
Sun Microsystems Solaris 10
Symantec AntiVirus Corporate Edition (9 and 10)
TippingPoint Security Management System (2.1 and 3.0)
Websense Web Security 7.0
Websense Web Filter 7.0
NOTE: To enable data collection from the Novell iManager and Novell Netware 6.5 event sources, add an instance of a collector and a child connector (Audit connector) in the Event Source Management interface for each of the event sources. When this is done, these event sources appear in the Sentinel Log Manager Web interface > > .
Collectors supporting additional event sources can either be obtained from the Sentinel Plug-ins Web site or built by using the SDK plug-ins that are available on the Sentinel Plug-in SDK Web site.