Technical Specifications

• Compression: Up to 10:1
• Devices: 1000
• Max EPS: 2,500 and 500 respectively
• CPU: 1 x Intel Xeon E5450@3GHz (4 core CPU) or 2 x Intel Xeon L5240@3GHz (2 core CPU)
• RAM: 4GB
• Storage: 2 x 1TB - 7.2k RPM (Hardware w/256MB cache, RAID 1)

• Compression: Up to 10:1
• Devices: 2000
• Max EPS: 7,500
• CPU: 2 x Intel Xeon X5470@3.33GHz (4 core CPU)
• RAM: 8GB
• Storage: 6 x 450GB, 15k RPM drives, (Hardware RAID w/512MB cache, RAID 5)

• CPU: 1x Dual Core
• RAM: 256MB
• Storage: 1GB Disk Space

• Sentinel Log Manager is certified to run on 64-bit SUSE® Linux Enterprise Server 11.
• The Collector Manager is supported on the following platforms:
  • SUSE Linux Enterprise Server 11 (32-bit and 64-bit)
  • SUSE Linux Enterprise Server 10 SP2 (32-bit and 64-bit)
  • Windows 2003 (32-bit)
  • Windows Server 2008 (64-bit)

• VMWare ESX/ESXi/4.0 or higher
• Xen 3.1.1

• Mozilla Firefox 3
• Microsoft Internet Explorer 8

• Audit Connector
• Check Point LEA Process Connector
• Database Connector
• Data Generator Connector
• File Connector
• Process Connector
• Syslog Connector
• SNMP Connector
• SDEE Connector
• Sentinel Link Connector
• WMS Connector

NOTE: The Mainframe and SAP Connectors require a separate license.

Important Note: All event sources (devices) are supported if there is a suitable connection method to access the event source's data. Sentinel Log Manager includes Collectors for many event sources. These Collectors perform deep parsing for recognized events coming from the event source. Data from event sources that have a suitable connection method but whose data is unrecognized are processed by the Generic Event Collector, which will analyze the data it receives and attempt to parse the information if it was generated by a supported event source on a best-effort basis. In the worst case, if the Generic Event Collector does not understand the message, it does minimal parsing and places the bulk of the text in the Message field.

Sentinel Log Manager has enhanced support for Syslog and Novell Audit devices. Data collection from these devices can be configured by using a simplified Web interface.

Sentinel Log Manager is capable of collecting data from devices using many other connection mechanisms (for example: Database, File, and SNMP Connectors). Data collection from these devices can be configured by using the Event Source Management interface, which enables you to import and configure the Sentinel 6.0 and 6.1 Connectors and Collectors available at the Sentinel 6.1 content web site.

NOTE: Updated Collectors are posted to the Sentinel 6.1 content web site on a regular basis. Updates typically include fixes, support for additional events, and performance improvements. It is highly recommended that before you start using the system you should download and import (using the Event Source Management Interface) the latest version of the Collectors that you are planning to use.

Collectors supporting the following event sources are bundled with Sentinel Log Manager:

• Cisco Firewall 6/7
• Cisco Switch Catalyst 6500 Series (CatOS 8.7)
• Cisco Switch Catalyst 6500 Series (IOS 12.2SX)
• Cisco Switch Catalyst 5000 Series (CatOS 4.x)
• Cisco Switch Catalyst 4900 Series (IOS 12.2SG)
• Cisco Switch Catalyst 4500 Series (IOS 12.2SG)
• Cisco Switch Catalyst 4000 Series (CatOS 4.x)
• Cisco Switch Catalyst 3750 Series (IOS 12.2SE)
• Cisco Switch Catalyst 3650 Series (IOS 12.2SE)
• Cisco Switch Catalyst 3550 Series (IOS 12.2SE)
• Cisco Switch Catalyst 2970 Series (IOS 12.2SE)
• Cisco Switch Catalyst 2960 Series (IOS 12.2SE)
• Cisco VPN 3000 (4.7.2, 4.1.7, and 4.1.5)
• Extreme Networks Summit X650 (with ExtremeXOS 12.2.2 and earlier)
• Extreme Networks Summit X450a (with ExtremeXOS 12.2.2 and earlier)
• Extreme Networks Summit X450e (with ExtremeXOS 12.2.2 and earlier)
• Extreme Networks Summit X350 (with ExtremeXOS 12.2.2 and earlier)
• Extreme Networks Summit X250e (with ExtremeXOS 12.2.2 and earlier)
• Extreme Networks Summit X150 (with ExtremeXOS 12.2.2 and earlier)
• Enterasys Dragon (7.1 and 7.2)
• Generic Event Collector
• HP HP-UX (11iv1 and 11iv2)
• IBM AIX (5.2, 5,3, and 6.1)
• Juniper Netscreen Series 5
• McAfee Firewall Enterprise
• McAfee Network Security Platform (2.1, 3.x, and 4.1)
• McAfee VirusScan Enterprise (8.0i, 8.5i, and 8.7i)
• McAfee ePolicy Orchestrator (3.6 and 4.0)
• McAfee AV Via ePolicy Orchestrator 8.5
• Microsoft Active Directory (2000, 2003, and 2008)
• Microsoft SQL Server (2005 and 2008)
• Nortel VPN (1750, 2700, 2750, and 5000)
• Novell Access Manager™ 3.1
• Novell Identity Manager 3.6.1
• Novell NetWare® 6.5
• Novell Modular Authentication Services 3.3
• Novell Open Enterprise Server 2.0.2
• Novell Privileged User Manager 2.2.1
• Novell Sentinel Link 1
• Novell SUSE Linux Enterprise Server
• Novell eDirectory™ 8.8.3 with the eDirectory instrumentation patch found on the Novell Support Web Site
• Novell iManager 2.7
• Red Hat Enterprise Linux
• Sourcefire Snort (2.4.5, 2.6.1, 2.8.3.2, and 2.8.4)
• Snare for Windows Intersect Alliance (3.1.4 and 1.1.1)
• Sun Microsystems Solaris 10
• Symantec AntiVirus Corporate Edition (9 and 10)
• TippingPoint Security Management System (2.1 and 3.0)
• Websense Web Security 7.0
• Websense Web Filter 7.0

NOTE: Data collection from the following events sources are supported by Log Manager by using the Audit Connector and can be managed through the web console. In order to enable the web console management of these event sources, you must first use the ESM UI to add an instance of a Collector as well as add one child Connector for the below listed event sources. Once this is done, these event sources appears in the web console under the Audit Server tab.

• Novell iManager
• Novell NetWare 6.5

Collectors supporting additional event sources can either be obtained from Sentinel 6.1 Content web site or built by using the Sentinel Plug-in SDK web site.