C.2 Collector Manager

Table C-2 Collector Manager

Sentinel Component: Collector Manager

Sentinel Service: Sentinel

Sentinel Process: java, agentengine (child process)

Function summary:

Manages Connectors and Collectors. It spawns an agentengine process for each Collector it manages. Collector Manager also publishes system status messages, performs global filtering of events, and performs referential mappings. The agentengine process runs as an interpreter for Collector scripts, which normalize unprocessed (raw) events from security devices and systems, producing event, vulnerability, and asset data that Sentinel can analyze and store in its database.

Permissions required:

Network access (both outgoing access and local access to bind to ports greater than 1024)

File read access to:

  • ESEC_HOME/config
  • ESEC_HOME/lib
  • ESEC_HOME/jre

File write access to:

  • ESEC_HOME/data
  • ESEC_HOME/log

NOTE: Collector Manager also needs access to other resources, depending on which Connectors it is configured to run and which Event Sources it is connecting to. Refer to the individual Connector documentation for any additional permission requirements.

Permission Explanation:

It communicates with iSCALE for configuration, event processing, and mapping data.

It reads local configuration files and uses the java executable.

It writes log files as well as caches data in the local file system.
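
The following script is an added example, not part of the Sentinel product or its documentation. It checks the file permissions from Table C-2 for the account that runs it, reporting required access that is missing and write access beyond what the table lists. The function name and the OK/MISSING/EXCESS output format are assumptions made for this example.

```sh
#!/bin/sh
# Added example: compare the current account's access under ESEC_HOME with
# the Collector Manager file permissions listed in Table C-2.
# Run it as the account that runs Collector Manager.

READ_DIRS="config lib jre"   # table: file read access
WRITE_DIRS="data log"        # table: file write access

# Prints one line per finding: "OK", "MISSING" or "EXCESS", then the
# access type and the path. Returns 0 only when nothing is MISSING.
audit_esec_home() {
    home=$1
    rc=0
    for d in $READ_DIRS; do
        p="$home/$d"
        if [ -d "$p" ] && [ -r "$p" ] && [ -x "$p" ]; then
            echo "OK read $p"
        else
            echo "MISSING read $p"; rc=1
        fi
        # Write access here is more than the table lists for this directory.
        if [ -d "$p" ] && [ -w "$p" ]; then
            echo "EXCESS write $p"
        fi
    done
    for d in $WRITE_DIRS; do
        p="$home/$d"
        if [ -d "$p" ] && [ -w "$p" ] && [ -x "$p" ]; then
            echo "OK write $p"
        else
            echo "MISSING write $p"; rc=1
        fi
    done
    return $rc
}

# Audit the real installation only when ESEC_HOME is set in the environment.
if [ -n "${ESEC_HOME:-}" ]; then
    audit_esec_home "$ESEC_HOME" || echo "Collector Manager file permissions not met"
fi
```

EXCESS lines are informational: individual Connectors may legitimately need more access, as the NOTE above says.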