Sentinel Events

Sentinel receives information from devices, normalizes this information into a structure called a Sentinel event, and sends the event for processing. Events are processed by the real-time display, correlation engine, and the back-end server.

An event is made up of more than 200 tags. Tags are of different types and have different purposes. Some tags are predefined, such as severity, criticality, destination IP, and destination port. There are two sets of configurable tags: reserved tags, which are for Novell internal use to allow future expansion, and customer tags, which are for customer extensions.

Tags can be repurposed by renaming them. The source for a tag can be either external, which means that it is set explicitly by the device or the corresponding Collector, or referential. The value of a referential tag is computed as a function of one or more other tags using the mapping service. For example, a tag can be defined to be the building code for the building containing the asset mentioned as the destination IP of an event. Alternatively, a tag can be computed by the mapping service using a customer-defined map and the destination IP from the event.
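The following added example (not Sentinel code and not the mapping service's real interface) sketches how a referential tag can be derived from an external one. The tag names, the map contents, and the choice of most-specific-subnet matching are assumptions made for illustration.

```python
import ipaddress

# Constructed customer-defined map: subnet -> building code (sample data only).
BUILDING_MAP = {
    "10.1.0.0/16": "HQ-A",
    "10.1.20.0/24": "HQ-A-DC",
    "192.168.50.0/24": "LAB-2",
}

# Referential tag definitions: target tag -> (source tag, map).
# Tag names here are hypothetical, not Sentinel's actual tag names.
REFERENTIAL_TAGS = {
    "DestinationBuildingCode": ("DestinationIP", BUILDING_MAP),
}


def lookup(cidr_map, ip_text):
    """Return the value for the most specific subnet containing ip_text, or None."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return None  # malformed or missing address: leave the tag unset
    best = None
    for cidr, value in cidr_map.items():
        net = ipaddress.ip_network(cidr)
        if ip.version == net.version and ip in net:
            if best is None or net.prefixlen > best[0]:
                best = (net.prefixlen, value)
    return best[1] if best else None


def resolve_referential_tags(event):
    """Return a copy of the event with referential tags computed from external ones."""
    enriched = dict(event)
    for target, (source, cidr_map) in REFERENTIAL_TAGS.items():
        value = lookup(cidr_map, event.get(source, ""))
        if value is not None:  # unmapped assets get no tag rather than a default
            enriched[target] = value
    return enriched


# Constructed event carrying only external tags, as a Collector would set them.
sample = {"Severity": 4, "DestinationIP": "10.1.20.7", "DestinationPort": 443}
print(resolve_referential_tags(sample))
```

Leaving the referential tag unset for unmapped or malformed addresses keeps a correlation rule that filters on building code from matching events whose asset is unknown.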
