All event sources (devices) are supported if there is a suitable connector to access their data. Novell Sentinel Log Manager provides collectors for many event sources. These collectors perform deep parsing of recognized events coming from the event sources. Data from event sources that have a suitable connector, but whose data is unrecognized, is processed by the Generic Event Collector. On a best-effort basis, the Generic Event Collector analyzes the received data and attempts to parse the information if it was generated by a supported event source. If the Generic Event Collector does not understand the message, it does minimal parsing and places the bulk of the text in the field.
Sentinel Log Manager has enhanced support for data collection from Syslog and Novell Audit devices, and the data collection can be configured by using the Sentinel Log Manager Web interface.
Sentinel Log Manager is also capable of collecting data from other devices by using many other connectors (for example: Database, File, and SNMP Connectors). Data collection from these devices can be configured by using the Event Source Management interface, which enables you to import and configure the Sentinel 6.0 and 6.1 connectors and collectors.
NOTE: Updated collectors and connectors are posted to the Sentinel 6.1 Content Web site on a regular basis. Updates typically include fixes, support for additional events, and performance improvements. Always download and import the latest version of the collectors and connectors.
Collectors that support the following event sources are pre-installed with Novell Sentinel Log Manager:
Cisco* Firewall (6 and 7)
Cisco* Switch Catalyst 6500 Series (CatOS 8.7)
Cisco* Switch Catalyst 6500 Series (IOS 12.2SX)
Cisco* Switch Catalyst 5000 Series (CatOS 4.x)
Cisco* Switch Catalyst 4900 Series (IOS 12.2SG)
Cisco* Switch Catalyst 4500 Series (IOS 12.2SG)
Cisco* Switch Catalyst 4000 Series (CatOS 4.x)
Cisco* Switch Catalyst 3750 Series (IOS 12.2SE)
Cisco* Switch Catalyst 3650 Series (IOS 12.2SE)
Cisco* Switch Catalyst 3550 Series (IOS 12.2SE)
Cisco* Switch Catalyst 2970 Series (IOS 12.2SE)
Cisco* Switch Catalyst 2960 Series (IOS 12.2SE)
Cisco* VPN 3000 (4.1.5, 4.1.7, and 4.7.2)
Extreme Networks Summit X650 (with ExtremeXOS 12.2.2 and earlier)
Extreme Networks Summit X450a (with ExtremeXOS 12.2.2 and earlier)
Extreme Networks Summit X450e (with ExtremeXOS 12.2.2 and earlier)
Extreme Networks Summit X350 (with ExtremeXOS 12.2.2 and earlier)
Extreme Networks Summit X250e (with ExtremeXOS 12.2.2 and earlier)
Extreme Networks Summit X150 (with ExtremeXOS 12.2.2 and earlier)
Enterasys Dragon (7.1 and 7.2)
Generic Event Collector
HP HP-UX (11iv1 and 11iv2)
IBM AIX (5.2, 5.3, and 6.1)
Juniper* Netscreen* Series 5
McAfee* Firewall Enterprise
McAfee* Network Security Platform (2.1, 3.x, and 4.1)
McAfee* VirusScan* Enterprise (8.0i, 8.5i, and 8.7i)
McAfee* ePolicy Orchestrator (3.6 and 4.0)
McAfee* AV Via ePolicy Orchestrator 8.5
Microsoft Active Directory (2000, 2003, and 2008)
Microsoft SQL Server* (2005 and 2008)
Nortel VPN (1750, 2700, 2750, and 5000)
Novell Access Manager 3.1
Novell Identity Manager 3.6.1
Novell Netware 6.5
Novell Modular Authentication Services 3.3
Novell Open Enterprise Server 2.0.2
Novell Privileged User Manager 2.2.1
Novell Sentinel Link 1
Novell SUSE® Linux Enterprise Server
Novell eDirectory™ 8.8.3 with the eDirectory instrumentation patch found on the Novell Support Web Site
Novell iManager 2.7
Red Hat Enterprise Linux
Sourcefire* Snort* (2.4.5, 2.6.1, 2.8.3.2, and 2.8.4)
Snare for Windows Intersect Alliance (3.1.4 and 1.1.1)
Sun* Microsystems Solaris* 10
Symantec AntiVirus Corporate Edition (9 and 10)
TippingPoint Security Management System (2.1 and 3.0)
Websense Web Security 7.0
Websense Web Filter 7.0
NOTE: To enable data collection from the Novell iManager and Novell Netware 6.5 event sources, add an instance of a collector and a child connector (Audit connector) in the Event Source Management interface for each of the event sources. Once this is done, these event sources appear in the Sentinel Log Manager web console under the tab.
Collectors supporting additional event sources can either be obtained from the Sentinel 6.1 Content Web site or built by using the SDK plug-ins that are available on the Sentinel Plug-in SDK Web site.