Sentinel Log Manager 1.2 [Course 8209]

Course Overview

NetIQ Sentinel Log Manager 1.1 provides high event-rate processing, long-term data retention, and regional data aggregation. It also provides simple searching and reporting functionality for a broad range of applications and devices. NetIQ Sentinel Log Manager collects data from a wide variety of event sources, including intrusion detection systems, firewalls, operating systems, routers, Web servers, databases, switches, mainframes, and antivirus products. In this course you install and configure the product and collect event data from several of these sources.

ON-DEMAND: This course is available as part of the Full Library or the NetIQ Solution Library.

Training Level: 2 - Intermediate

Duration: 3 Days

Key Objectives

Key objectives covered in this course include:

  • Installation and configuration of the Sentinel 1.1 software appliance
  • Policy-based data storage and archiving
  • Data collection of syslog and auditing logs
  • Remote Collector Manager installation and configuration
  • Using Tags in searching and reporting
  • Report field control using One-click reporting
  • Configuring Distributed Search
  • New rules and actions
  • Using Sentinel Link to escalate

Audience Summary

This course is designed for security analysts and administrators who will be installing, configuring, and managing the day-to-day upkeep of Sentinel Log Manager. It also serves as an update to Course 8205, Secure Log Manager 1.0.

Course Prerequisites

Before taking this course, you should have a basic understanding of the current Log Management and Security Information and Event Management (SIEM) marketplace.

Course Outline

During this course, you learn the following:

  • SECTION 1 – Introduction to Sentinel Log Manager 1.1
    Objectives: Differences between SIEM and log management; What is Sentinel Log Manager?; Data and logic flow architecture; Sentinel Log Manager interfaces
  • SECTION 2 – Data Storage
    Objectives: Configuring data storage; Data archiving; Data retention policies; Configuring disk space usage; Verifying raw data files; Archive data capacity; Sequential-access storage
  • SECTION 3 – Data Collection
    Objectives: Event Source Management; Setting up a Syslog server; Setting up an Audit server; Components; Performing text-refined searches; Managing Tags
  • SECTION 4 – Remote Collector Manager
    Objectives: Advantages of additional Collector Managers; Adding and configuring a new Collector Manager; ActiveMQ keys; Windows WMS services
  • SECTION 5 – Administration
    Objectives: Users and groups; Tagging; Creating LDAP user accounts; LDAP authentication; Permissions; Security filters
  • SECTION 6 – Queries
    Objectives: Running a search; Refining searches; Viewing results; Exporting search results; Saving a query as a template
  • SECTION 7 – Reporting
    Objectives: Running and scheduling reports; Viewing reports; Report parameters; Extracting, adding, deleting, and renaming reports; Marking results; Favorites; Exporting reports
  • SECTION 8 – Distributed Search
    Objectives: Configuring a server for Distributed Search; Searching event data; Managing event data; Running reports; Troubleshooting Distributed Search
  • SECTION 9 – Rules and Actions
    Objectives: Configuring rules and actions; Handling auto-created sources, and more
