The Collector Manager manages data collection, monitors system status messages, and performs event filtering as needed. The main functions of the Collector Manager include the following:
Transforming events.
Adding business relevance to events through the mapping service.
Performing global filtering on events.
Routing events.
Determining whether data is real-time, vulnerability, asset, or non-real-time data.
Sending health messages to the Sentinel server.
The Collectors collect the information from the Connectors and normalize it. Collectors are written in JavaScript and they define the logic for the following:
Receiving raw data from the Connectors.
Parsing and normalizing the data.
Applying repeatable logic to the data.
Translating device-specific data into Sentinel-specific data.
Formatting the events.
Passing the normalized, parsed, and formatted data to the Collector Manager.
Performing device-specific filtering of events.
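The Collector stages listed above, shown as an added example that is not taken from Sentinel or its Collector SDK: raw syslog records are parsed, normalized, translated through a mapping table, filtered, and returned for hand-off. The function names, the output field names, and the sample records are assumptions constructed for this illustration.

```javascript
// Constructed sample records, as a syslog Connector might hand them over.
const RAW_RECORDS = [
  "<38>Oct 11 22:14:15 gw01 sshd[4721]: Failed password for invalid user admin from 203.0.113.7 port 52144 ssh2",
  "<38>Oct 11 22:14:19 gw01 sshd[4721]: Accepted password for alice from 198.51.100.23 port 40022 ssh2",
  "<30>Oct 11 22:14:20 gw01 sshd[4721]: Connection closed by 198.51.100.23 port 40022",
];

// Hypothetical mapping table: device-specific wording -> normalized values.
const OUTCOME_MAP = {
  Failed: { name: "Authentication", outcome: "failure" },
  Accepted: { name: "Authentication", outcome: "success" },
};

const SYSLOG_RE = /^<(\d{1,3})>(\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (\S+) (\w+)\[(\d+)\]: (.*)$/;
const SSHD_AUTH_RE = /^(Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+) port (\d+)/;

// Parse one raw record; return a normalized event (hypothetical field names),
// or null when the record is malformed or dropped by the device-specific filter.
function normalize(raw) {
  const m = SYSLOG_RE.exec(raw);
  if (!m) return null; // unparseable input is rejected, not guessed at
  const [, pri, timestamp, host, program, , message] = m;
  const priority = Number(pri);
  if (priority > 191) return null; // outside the valid syslog PRI range
  if (program !== "sshd") return null; // this collector handles one device type
  const auth = SSHD_AUTH_RE.exec(message);
  if (!auth) return null; // device-specific filter: keep authentication events only
  const [, verb, user, sourceIp, sourcePort] = auth;
  return {
    ...OUTCOME_MAP[verb],
    severity: priority & 7, // syslog PRI = facility * 8 + severity
    facility: priority >> 3,
    observerHost: host,
    timestamp,
    targetUser: user,
    sourceIp,
    sourcePort: Number(sourcePort),
  };
}

// Return only the events that survived parsing and filtering, ready for hand-off.
function collect(records) {
  return records.map(normalize).filter((e) => e !== null);
}

console.log(collect(RAW_RECORDS));
```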
The Connectors provide connections from the event sources to the Sentinel system. Connectors use industry-standard protocols to get events: for example, syslog, JDBC to read from database tables, WMI to read from Windows Event Logs, and so on. Connectors provide:
Transportation of raw event data from the event sources to the Collector.
Connection-specific filtering.
Connection error handling.