6.0 Configuring Data Collection

Sentinel can collect data from a wide range of event sources, such as intrusion detection systems, firewalls, operating systems, routers, databases, switches, mainframes, antivirus applications, and Novell applications. A modular architecture divides the task of protocol-level connections (Connectors) and the parsing logic (Collectors) for specific event sources.

Sentinel supports a wide variety of Connectors and also includes a variety of Collectors. The configuration required to integrate a new event source with Sentinel varies, depending on the type of event source and the communication method selected.

You should review the Collector and Connector documentation for any new event source integration to ensure that all available features are enabled. Collector plug-ins also come with Collector packs. For more information, see Extracting Reports from Collector Packs in the NetIQ Sentinel 7.0.1 User Guide.

The configuration required to integrate a new event source with Sentinel varies depending on the type of event source and the communication method selected.