Novell SENTINEL 6.1 SP2 - REFERENCE GUIDE 02-2010 Reference Manual page 23

Default Label
CollectorScript
Resource
SubResource
ObserverHostName
SensorType
Protocol
InitHostName
InitServicePort
InitServicePortName
TargetHostName
TargetServicePort
Filters and Menu and
Correlation Correlation
Rules Actions
e.agent %agent%
e.res %res%
e.sres %sres%
e.sn %sn%
e.st %st%
e.prot %prot%
e.shn %shn%
e.spint %spint%
e.sp %sp%
e.dhn %dhn%
e.dpint %dpint%
Proprietary
Data
Collector Description
Type
Language
string The name of the Collector
Script used by the
Collector to generate this
event.
s_Res string Compliance monitoring
hierarchy level 1
s_SubRes string Subresource name
s_SN string Unqualified hostname of
the observer (sensor) of
the event.
s_ST string The single character
designator for the sensor
type (N, H, O, V, C, W, A,
I, P, T).










s_P string Protocol used between
initiating and target
services.
s_SHN string Unqualified hostname of
the initiating system.
s_SPINT integer Port used by service/
application that initiated
the connection.
s_SP string Name of the initiating
service that caused the
event.
s_DHN string Unqualified hostname of
the target system.
s_DPINT integer Network port accessed on
the target.
N: Network events
H: Host events
O: Other events
V: Vulnerability
events
C: Correlated events
W: Watchlist events
A: Audit events
I: Internal events
P: Performance
statistics events
T: Realtime events
Sentinel Event Fields 23