Managing Event Sources - Novell SENTINEL LOG MANAGER 1.0.0.5 - ADMINISTRATION GUIDE 03-31-2010 Administration Manual

Component
Collector
Connector
Event Source
Event Source
Server
The changes done take effect immediately for all new incoming events. However, it might take some
time for events already in the queue to be processed.
For more information, refer to the Event Source Management section of the
(http://www.novell.com/documentation/sentinel61/#admin).

4.4 Managing Event Sources

The event sources interface displays the health of the event source and the volume of data being
received from it in events per second. The Event Sources page lists all the event sources, such as
Syslog, Audit, File, and Database, that are configured in the Event Source Management interface.
You can refine the displayed event sources by selecting Collector Managers, Event Source Servers,
and Collector Plugins. You can also specify a filter on the event source name and select particular
event source health states you want to view. All of these refinement selections and filters are stored
on a per-user basis, so that each time you login to Sentinel Log Manager server you can view event
sources that match your last refinement selections.
60 Sentinel Log Manager 1.0.0.4 Administration Guide
Description
Collectors instantiate the parsing logic for data from a particular event source.
Each Collector icon in ESM refers to a deployed Collector script as well as the
runtime configuration of a set of parameters for that Collector.
You can download the Collectors from the
/support.novell.com/products/sentinel/secure/sentinel61.html).
For more information on customizing or creating new Collectors, refer to the
Novell Developer's Kit for Sentinel Web site (http://developer.novell.com/wiki/
index.php?title=Develop_to_Sentinel).
Connectors are used to provide the protocol-level communication with an
event source, using industry standards such as syslog, JDBC*, and so forth.
Each instance of a Connector icon in ESM represents the Connector code as
well as the runtime configuration of that code.
You can download the Connectors from the
(http://support.novell.com/products/sentinel/secure/sentinel61.html).
For more information on customizing or creating new Connectors, refer to the
Novell Developer's Kit for Sentinel Web site (http://developer.novell.com/wiki/
index.php?title=Develop_to_Sentinel).
An event source server (ESS) is considered as part of a Connector, and is
used when the data connection with an event source is inbound rather than
outbound. The ESS represents the daemon or server that listens for these
inbound connections. The ESS caches the received data, and one or more
Connectors connects to the ESS to fetch a set of data for processing. The
Connector requests only the data from its configured event source (defined in
the metadata for the event source) and that matches additional filters.
The event source represents the actual source of data for Sentinel. Unlike
other components, this is not a plug-in, but is a container for metadata,
including runtime configuration, about the event source. In some cases a
single event source could represent many real sources of event data, if
multiple devices are writing to a single file.
Sentinel 6.1Content Web site (http:/
Sentinel 6.1 Content Web site
Sentinel User Guide