Novell Doc: Sentinel 6.1 Rapid Deployment User Guide

11.3 Live View

The ESM panel provides the main user interface to Event Source Management. You can view configuration data in a graphical or tabular view.

11.3.1 Graphical ESM View

The graphical view of ESM is the default view in Event Source Management. In the graphical view, you can view the status of a Collector and access the configuration settings of Collectors and Collector related objects as a graph of connected nodes.

Figure 11-11 Graphical View

By default, the Health Monitor Display frame displays in the graphical view. The data can be displayed in seven different layouts. The default layout in graph is the “Hierarchic Left to Right” layout. You can change between these layouts by selecting the layout format from the drop-down list in the toolbar.

Figure 11-12 Layout Selection

HINT:Click in the graphical ESM view and use “+” or “-” to zoom in or zoom out. Alternatively, use the mouse wheel to zoom in and zoom out.

In the graphical view, the lines connecting the components are color-coded to indicate data flow.

Green Line: Indicates that data is flowing between the components.
Grey Line: Indicates that the connection is not live and there is no data flow.
Blue dashed Line: Indicates the logical relation of event source servers to their associated Collector Managers and event sources.

The following terminology is used for nodes:

Parent Node: A node from which child nodes originate
Immediate Children: The sub-nodes that are logically and functionally linked to a parent node.
Collapsed/Expanded nodes: To improve the manageability and performance of the graphical display, Sentinel automatically contracts any node with 20 or more immediate children. This is especially useful for Connectors such as Syslog or Novell Audit that have the ability to automatically configure a large number of event sources.

HINT:Collapsed nodes are identified by a “-” sign on the node and expanded nodes are identified by a “+” sign.

Double-click a node to expand or collapse it.

In a collapsed state, a node displays the number of immediate children next to the node; for example, WMI Connector (3) [Collector name (Number of immediate children)]. The Children panel of a contracted node shows the immediate children of that node, each of which can be managed in the same way as nodes in the tabular ESM view.

NOTE:An event source server node does not have a “+” or “-” after its name even if it contains children.

Double-clicking a parent node changes the state from collapsed to expanded and vice versa. Double-clicking a node with no children displays the status details for that node. If an additional node is added to an expanded parent with over 20 children, the node is automatically collapsed. If an additional node is added to a manually expanded parent with over 20 children the node not automatically collapsed.

The parent node can take several minutes to expand if the parent node has a large enough number of child nodes to potentially cause the UI to become unresponsive; an alert message displays on the user interface to warn you about the delay in response. Click Yes to continue.

Figure 11-13 Expand Selected Node Prompt

If you choose not to show this message again, the preferences are saved on that machine and any user logging into Sentinel from that machine does not get an alert again.

11.3.2 Tabular ESM View

The components visible in the graphical view of ESM can also be viewed in tabular format. In the tabular view, you can view the status of a Collector in a table and access the configuration settings of Collectors and Collector-related objects.

Figure 11-14 Tabular View

The columns in the ESM tabular view are:

Configured Status: The On state the object is configured to be in. This is the state that is stored in the database and it does not necessarily match the actual On state of the object. For example, the two states do not match if a parent object is turned off or if there is an error.
Actual Status: The On state of the object as being reported by the actual running Collector Manager.
Connection Info (populated for event Sources only): A textual description of the event source connection.
Error: A textual description of an error that occurred in the running object.

HINT:Use the Table/Graph tabs to change to tabular or graphical views respectively.

11.3.3 Right-Click Menu

The Health Monitor Display view provides a set of right-click menus that help you execute a set of actions, as described below:

NOTE:The right-click actions available depend on the kind of object you clicked.

Status Details: Displays all information known about the status of the selected object.
Start: Sets the object to be running.

NOTE:The selected object starts only after the parent nodes start and are running.
Stop: Stops the running object.
Edit: Modifies the editable information (Filter information, Object name and so on) with this option.
Debug: Debugs the Collector. You must stop the running Collector before you debug it.
Move: Moves the selected object from its current parent object to another parent object. You can move objects between the views; that is, move from the Live View to the Scratchpad and vice versa.
Clone: Creates a new object that has its configuration information prepopulated with the settings of the currently selected object. This allows you to quickly create a large number of similar event sources without retyping the same information over and over again. You can clone objects between the views; that is, move from the Live View to the Scratchpad and vice versa. Cloning an object copies all the settings except the Run status. New objects created by using the Clone command are always in the Stopped state after creation.
Remove: Deletes a selected object from the system.
Contract: Collapses the child nodes into this node. This option is only available on parent nodes that are currently in an expanded state.
Expand: Expands the child nodes of this node. This option is only available on parent nodes that are currently in a collapsed state.
Add Collector: Opens an Add Collector Wizard that guides you through the process of adding a Collector to the selected Collector Manager.
Add Connector: Opens an Add Connector Wizard that guides you through the process of adding a Connector to the selected Collector.
Add Event Source: Opens an Add Event Source Wizard that guides you through the process of adding an event source to the selected Connector.
Open Raw Data Tap: Displays the live stream of raw data from an event source or flowing through the selected object.
Open Active View: Opens an Active View window that only displays events that have been generated by data from or flowing through the selected object.
Zoom: Zooms in the graphical view display on the selected object.
Show in Tabular/Graphical View: Switches over to the other view (to tabular view if you are in the graphical view, or to graphical view if you are in the tabular view) and automatically selects the object that is selected in the current view. When switching to graphical view, it also zooms in on the selected object.
Raw Data Filter: Allows you to filter the raw data flowing through the selected node. The raw data filter is available on Collectors, Connectors, and event sources. If a filter is specified to drop data, the data to be dropped is not passed to the parent node and, therefore, is not converted into events.
Import Configuration: Imports the configuration of ESM objects.
Export Configuration: Exports the configuration of ESM objects
Add Event Source Server: Allows you to add event source server to the selected Collector Manager
Add Collector Manager: In Scratchpad mode, you can add a Collector Manager to the Scratchpad by using this option. In the Live view, Collector Manager objects are created automatically as each Collector Manager connects to the Sentinel system.

When you select multiple objects in the ESM panel and right-cliches following options are available:

Start: Starts all the objects
Stop: Stops all the objects
Remove selected objects: Removes the selected object along with its children

HINT:Press Shift and click the object to select multiple objects.