Novell SENTINEL 6.1 SP2 - 02-2010 User Manual page 454

Collectors are the component-level aggregator of event data from a specific source. Sentinel
primarily supports remote "Collector-less" connections to sources; however, Collectors can be
deployed on specific devices where a remote approach is less efficient.
Collectors are controlled from the Sentinel Control Center, which orchestrates the communication
between the Collectors and the Sentinel platform for real-time analysis, correlation computation, and
incident response.

Collector Manager and Engine
Collector Manager manages the Collectors, monitors system status messages and performs event
filtering as needed. Main functions of the Collector Manager include transforming events, adding
business relevance to events through taxonomy, performing global filtering on events, routing
events and sending health messages to the Sentinel server.
A Collector Engine is the interpreter component that parses the Collector code.

Collector Builder
Collector Builder is a standalone application that is used to build, configure and debug Collectors.
This application serves as an integrated development environment (or IDE) that allows the user to
create new Collectors to parse data from source devices using a special-purpose interpretive
language designed to handle the nature of network and security events.
ESM introduces a new hierarchy of deployment objects that allow users to group multiple
connections into sets. The hierarchy is as follows:

Figure A-9 ESM Hierarchy
454 Sentinel 6.1 User Guide
