Table of Contents
Advertisement
can have filter(1=1) and filter(e.sev>=3) configured, and launch Sentinel Link action to forward the
events to the same receiver. When the action is triggered, the receiver gets duplicated events.
Therefore, use them only when simple filtering conditions are not enough.
Note that some field values of the events are changed during event forwarding. For example, the
event id is changed, but, the event name is preserved when you forward an event.
Another advantage of Global Filters over Correlation rule is that the events are sent in batches of
500 events to the receiver system. With Correlation rule, each event is forwarded to the receiver
system as soon as an event is generated.
"Using Correlation Manager to Forward Events to the Receiver" on page 424
"Using Global Filters to Forward Events to the Receiver" on page 425
Using Correlation Manager to Forward Events to the Receiver
Use Correlation Manager to set correlation rules that filter the desired events for forwarding to the
receiver system. After creating a rule, add the Sentinel Link Action, then deploy the rule.
In the following example, a simple rule is created that forward events with severity greater than 3.
1 In the Sentinel Control Center, select Correlation Rule Manager.
2 Click Add.
The Correlation Rule wizard is displayed.
3 Click Simple. The Simple Rule windows is displayed.
4 Use the drop-down menus to set the criteria to Severity>=3, then click Next. The Update
Criteria window displays.
5 Select Do not perform actions every time this rule fires and use the drop-down menu to set the
time period to 1 minute. Click Next. The General Description window displays.
6 Name the rule as Sev4Rule, provide a description, and click Next.
7 Select No, do not create another rule and click Next.
8 Click Save.
9 Select the Correlation Rule Manager window.
10 Select Sev4Rule and click Deploy Rules link. The Deploy Rule window displays.
11 In the Deploy Rule window, select the Engine to deploy the rule.
424 Sentinel 6.1 User Guide
Advertisement
Table of Contents
Related Manuals for Novell SENTINEL 6.1 SP2 - 02-2010
Related Products for Novell SENTINEL 6.1 SP2 - 02-2010
- NOVELL CLIENT FOR LINUX 2.0 SP2 - 03-2009
- NOVELL ACCESS MANAGER 3.1 SP2 - J2EE AGENT GUIDE 2010
- NOVELL BUSINESS CONTINUITY CLUSTERING 1.1 SP1 - 9-21-2010 ADMINISTRATION GUIDE FOR OPEN ENTERPRISE SERVER 1 SP2 LINUX
- NOVELL CLIENT FOR LINUX 2.0 SP1 - 08-2008
- NOVELL CLIENT FOR LINUX 2.0 SP3 - 11-2009
- NOVELL SP2 - S
- NOVELL SUSE LINUX ENTERPRISE DESKTOP 11 SP1 - 8-18-2010 VIRTUALIZATION WITH ZEN
- NOVELL ZENWORKS 10 CONFIGURATION MANAGEMENT SP3 - NETWORK DISCOVERY DATABASE STRUCTURE
- NOVELL ACCESS MANAGER 3.1 SP1 - S 11-20-2009
- NOVELL DATA SYNCHRONIZER - 07-2010
- NOVELL SUPPORT ADVISOR 2.0.1
- NOVELL SENTINEL RAPID DEPLOYMENT 6.1 - INSTALLATION GUIDE 12-2009
- Novell DATA SYNCHRONIZER MOBILITY PACK
- Novell SUSE LINUX Retail Solution 8
- Novell INTELLISYNC MOBILE SUITE 7.0
- NOVELL SENTINEL 6.1 SP2 - INSTALLATION GUIDE 02-2010