An event is a significant occurrence in a system or in an application. Agent Manager monitors events written to logs or sent by devices, and responds to timed events, missing events, and events generated by scripts.
Agent Manager collects event information from a variety of sources called data providers. Data providers are sources of collected information. Choose a data provider based on the information you want to Agent Manager to collect and the type of rule you want to create.
Sentinel collects information from a variety of sources called data providers. Data collection rules specify which provider includes the information you want to collect.
Windows computers log events in specific event logs, and Agent Manager can collect events from these logs. By default, Sentinel collects events from the Security event log. Sentinel can collect events from the following Windows event logs:
Records events from applications on the computer.
Records events from Windows system components.
Records events based on specified Windows security options.
Records events from the Domain Name Service (DNS) server on Windows DNS servers.
Records events from the File Replication service on Windows.
Records events from the Active Directory service on Windows.
Some software applications create their own log files referred to as application log files. Using Sentinel, you can monitor the following application log files or messages:
Microsoft Internet Information Services, such as World Wide Web or FTP services
Internet Locator Service
Any generic single‑line log
NOTE:Sentinel can monitor log files if the applications append entries to the log. If the application you want to monitor periodically overwrites the log file, you can create a script or batch file that monitors the application log and appends the new information to a separate file for Agent Manager to monitor.