Proprietary Collectors; Javascript Collectors; List Of Fields And Representations - Novell SENTINEL RAPID DEPLOYMENT 6.1 - REFERENCE GUIDE 06-15-2009 Reference Manual


Figure 1-4 Configuration Action window

1.1.3 Proprietary Collectors

Proprietary Collectors, written in Novell's own language, always use variables based on the short
tag to refer to event fields. The short tag name must be prefaced by a letter and underscore, where
the letter indicates the data type for the field (i_ for integer, s_ for string).

1.1.4 JavaScript Collectors

JavaScript Collectors usually refer to event fields using an "e." followed by the same user-friendly
label set in Event Configuration in the Sentinel Control Center. For a Sentinel system with a default
configuration, for example, the Initiator User Name would be referred to as "e.InitUserName" in the
JavaScript Collector. There are some exceptions to this general rule. Refer to the Sentinel Collector
SDK (http://developer.novell.com/wiki/index.php?title=Develop_to_Sentinel) for more details.

1.2 List of Fields and Representations

The table on the following pages shows the default labels, descriptions and data types for the
Sentinel event fields, along with the proper way to refer to the tags in filters, correlation rules,
actions, and proprietary collector scripts. Fields that cannot or should not be manipulated in the
Collector parsing do not have a Collector variable.
Sentinel 6.1 Rapid Deployment Event Fields
