System Events; A.3.6 System Events - Novell SENTINEL RAPID DEPLOYMENT 6.1 - 12-2009 User Manual

Sentinel Time
Figure A-8
1. By default, the event time is set to Collector Manager time. The ideal time is the device time.
Therefore it is best to set the event time to the device time if the device time is available,
accurate, and properly parsed by the Collector.
2. A configurable time buffer that reorders events and updates real-time displays. The default time
is 30 seconds before and after server time.
3. Correlation reorder buffer. If the event time is more than 30 seconds older than the server time,
the correlation engine does not process the events.
4. If the event time is older than 5 minutes than the Collector Manager time (correct time), events
are directly routed to the database.

A.3.6 System Events

System events are a means to report on the status and status changes of the system. There are three
types of events generated by the internal system:
"Internal Events" on page 395
"Performance Events" on page 395
"Audit Events" on page 396
Internal Events
Internal events are informational and describe a single state or change of state in the system. They
report when a user logs in or fails to authenticate, when a process is started, or when a correlation
rule is activated.
Performance Events
Performance events are generated on a periodic basis and describe average resources used by
different parts of the system.
Sentinel 6.1 Rapid Deployment Architecture 395