Table of Contents
Advertisement
Data aggregated by the Collectors in the form of events is subsequently normalized and transformed
into XML format, enriched with a series of metadata (that is, data about data) using a set of business
relevance services, and propagated to the server side for further computational analysis through the
message bus platform. The collection and enrichment layer consists of the following components:
"Connectors and Collectors" on page 400
"Collector Manager and Engine" on page 400
"Collector Builder" on page 400
"Common Services" on page 402
Connectors and Collectors
A Connector is a concentrator or multiplexed adapter that connects the Collector Engine to the
actual monitored devices.
Collectors are the component-level aggregators of event data from a specific source. Sentinel
primarily supports remote "Collector-less" connections to sources; however, Collectors can be
deployed on specific devices where a remote approach is less efficient.
Collectors are controlled from the Sentinel Control Center, which orchestrates the communication
between the Collectors and the Sentinel platform for real time analysis, correlation computation and
incident response.
Collector Manager and Engine
Collector Manager manages the Collectors, monitors system status messages, and performs event
filtering as needed. The main functions of the Collector Manager include transforming events,
adding business relevance to events through taxonomy, performing global filtering on events,
routing events, and sending health messages to the Sentinel server.
A Collector Engine is the interpreter component that parses the Collector code.
Collector Builder
The Collector Builder is a standalone application that is used to build, configure, and debug
Collectors. This application serves as an integrated development environment that allows the user to
create new Collectors to parse data from source devices, using a special-purpose interpretive
language designed to handle the nature of network and security events.
ESM introduces a new hierarchy of deployment objects that allows users to group multiple
connections into sets. The hierarchy is as follows:
400 Sentinel 6.1 Rapid Deployment User Guide
Advertisement
Table of Contents
Related Manuals for Novell SENTINEL RAPID DEPLOYMENT 6.1 - 12-2009
Related Products for Novell SENTINEL RAPID DEPLOYMENT 6.1 - 12-2009
- NOVELL SENTINEL 6.1 SP1 HOTFIX 2 - READ ME 9-2009
- NOVELL SENTINEL 6.1.1.0 - README
- NOVELL SENTINEL RAPID DEPLOYMENT 6.1 - 06-15-2009
- NOVELL NETWARE 6-DOCUMENTATION
- NOVELL ZENWORKS PATCH MANAGEMENT 6.3 - S
- NOVELL ZENWORKS PATCH MANAGEMENT 6.4 - S
- NOVELL ZENWORKS PATCH MANAGEMENT 6.4 - AGENT
- Novell NETWARE 6
- Novell SENTINEL 6.1 SP2
- NOVELL SENTINEL RAPID DEPLOYMENT 6.1 - INSTALLATION GUIDE 12-2009
- NOVELL ZENWORKS PATCH MANAGEMENT 6.4 SP2 - SERVER
- Novell 3.6 05-2008
- Novell Access Manager 3.1 SP 1
- Novell Access Manager 3.1 SP 2
- NOVELL ACCESS MANAGER 3.1 SP1 - AGENT GUIDE
- NOVELL ACCESS MANAGER 3.1 SP1 - IDENTITY SERVER