Novell SENTINEL RAPID DEPLOYMENT 6.1 - 12-2009 User Manual page 401

ESM Hierarchy
Figure A-11
The event source, event source server, Collector, and Connector are configuration-related objects
that can be added through the ESM user interface.
Event Source: This node represents a connection to a specific source of data, such as a
specific file, firewall, or Syslog relay, and contains the configuration information necessary to
establish the connection. The health of this node represents the health of the connection to the
data source. This node sends raw data to its parent Connector node.
Event Source Server: This node represents a deployed instance of a server-type Connector
plug-in. Some protocols, such as Syslog UDP/TCP, NAudit, and others, push their data from
the source to a server that is listening to accept the data. The event source server node
represents this server and can be configured to accept data from protocols that are supported by
the selected Connector plug-in. This node redirects the raw data it receives to an event source
node that is configured to receive data from it.
Collector: This node represents a deployed instance of a Collector script. It specifies which
Collector script to use as well as the parameter values with which the Collector should run.
This node sends Sentinel events to its parent Collector Manager node.
Connector: This node represents a deployed instance of a Connector plug-in. It includes the
specification of which Connector plug-in to use as well as some configuration information,
such as auto-discovery. This node sends raw data to its parent Collector node.
Sentinel 6.1 Rapid Deployment Architecture 401