Sentinel 5.1.3 Collectors supported with Sentinel 6

  • 3448620
  • 02-Oct-2007
  • 26-Apr-2012

Environment

Sentinel 5.1.3
Sentinel 6.0.xx

Situation

For customers who are considering migrating their present Sentinel instance or deploying a new Sentinel 6 instance: Sentinel 6's Event Source Management handles Collectors differently from previous Sentinel versions, which requires changes in how Collectors are deployed. For example, Sentinel 6 uses separate Connectors (i.e., how the source device communicates with the Collector) in concert with the appropriate Collector (also historically known as an Agent).

Resolution

At present, a subset of the Collectors that were built for Sentinel 5.1.3 and earlier versions has been certified with Sentinel 6 (listed below). The documentation for these Collectors was written with respect to deploying with Sentinel 5.1.3. To help customers and Novell employees deploy 5.x Collectors with Sentinel 6, the Sentinel team has created the following transitional documentation:

Using 5.x Collectors in Sentinel 6
Audit Connector Differences in Sentinel 6
Database (DB) Connector Differences in Sentinel 6
File Connector Differences in Sentinel 6
Syslog Connector Differences in Sentinel 6
Windows Management Instrumentation (WMI) Connector Differences in Sentinel 6
These documents supplement the Sentinel 6 Event Source Management documentation and the documents that accompany each 5.x Collector. They explain the configuration differences and functionality differences (where applicable) between using the Collector in Sentinel 5.x and Sentinel 6. These documents can be found at https://www.novell.com/documentation/sentinel6/ and will be helpful for customers redeploying Novell Collectors or custom Collectors.

Novell is presently working to update all existing Sentinel 5.1.3 Collectors and their documentation to deploy seamlessly with Sentinel 6. All 5.x collectors listed on the collector website with a date of 2007-07-10 or later, as well as the ones listed below, are certified to work with Sentinel 6. A Sentinel 6 collector page will be posted shortly with the Sentinel 6 collectors only.


Cisco Secure IDS 4.x via RDEP
Cisco VPN via Logfile
Cisco VPN 3000 via Syslog or Logfile
eEye Retina via JDBC
Enterasys Dragon 7.1 via Logfile
Foundstone Enterprise via JDBC
IBM Internet Scanner via JDBC
IBM SiteProtector 2.x SP5 via JDBC
IBM SiteProtector 2.x SP5 via ODBC
IBM SiteProtector 2.x SP6 via JDBC
IBM SiteProtector 2.x SP6 via ODBC
Juniper IDP 3 via Logfile
Juniper Netscreen 5 via Syslog
McAfee Entercept via JDBC
McAfee ePolicy Orchestrator via JDBC
McAfee ePolicy Orchestrator 3 via Database
McAfee Intrushield Manager 2.1 via JDBC
Microsoft SQL 2000 via JDBC
Microsoft SQL 2000 via ODBC
Microsoft SQL Server 2005 via JDBC
Microsoft SQL Server 2005 via ODBC
Microsoft Windows 2000/2003/XP via WMI
Nessus 3.x via Logfile
Nessus Scanner via Logfile
Nmap 4.x via Logfile
Novell Sentinel Audit Content Package
Novell SLES 10 via Syslog
Oracle 9i via JDBC
Qualys QualysGuard via Logfile
Sourcefire SNORT 2.x via Logfile
Sourcefire SNORT 2.x via JDBC
Sourcefire SNORT 2.x via ODBC
Symantec Intruder Alert 3.6x via Logfile
TippingPoint Security Management System 2.1 via Logfile
Trend Micro Network VirusWall via JDBC