ATT Novell Sentinel Log Manager

Please note that ATTs are held in English, unless all people present speak Dutch.

Course Overview

Novell Sentinel Log Manager 1.1 provides high event-rate processing, long-term data retention, and regional data aggregation. It also provides simple searching and reporting functionality for a broad range of applications and devices. Novell Sentinel Log Manager collects data from a wide variety of devices, including intrusion detection systems, firewalls, operating systems, routers, Web servers, databases, switches, mainframes, and antivirus event sources.

Introduction to Sentinel Log Manager

  • Differences between SLM 1.0 and 1.1
  • SIEM vs. log management
  • What is Sentinel Log Manager
  • Data and logic flow

Data Storage

  • Configuring data storage
  • Data archiving
  • Data retention policies
  • Configuring disk space usage
  • Verifying raw data files
  • Archive data capacity
  • Sequential-access storage
  • Hands-on data storage workshop

Data Collection

  • Event Source Management
  • Setting up the Syslog server
  • Setting up the Audit server
  • Components
  • Health Status
  • ESM Filters
  • Statistics
  • Hands-on Event Source Management

Administration

  • Creating Users and Groups
  • Tagging a Group
  • Modifying, moving, and deleting Users and Groups
  • Administration Hands-on exercise

Adding Collector Managers

  • Data from unknown sources
  • Windows WMS services
  • Hands-on Syslog source
  • Hands-on Windows source

Searching

  • Running a search
  • Refining and viewing searches
  • Exporting search results
  • Saving queries as templates
  • Sending search results to an action
  • Apache Lucene
  • Hands-on Search exercise

Reporting

  • Running reports
  • Scheduling reports
  • JasperReports and JSON
  • Adjusting report parameters
  • Extracting and importing reports from collector packs
  • Exporting report results
  • Reporting workshop

Distributed Search

  • Configuring a server for distributed search
  • Searching event data
  • Managing event data
  • Troubleshooting

Tags

  • Adding a Tag
  • Associating a Tag with different objects
  • Performing text-refined searches
  • Managing Tags
  • Tags workshop

Rules

  • Configuring Rules
  • Configuring Actions
  • Handling Auto-created sources with TZ
  • Forwarding events to Sentinel Link
  • Hands-on Rules Exercises

The target audience is anyone wanting to know what Sentinel Log Manager is all about.

The purpose of this deliverable is to provide an introduction to Sentinel Log Manager and a peek at several of its many functions.

ATT Novell Sentinel Log Manager 1.1 (Book)

This course is delivered by Novell Platinum Training Partner QeQ ICT Training en Consultancy. The official Novell course material is used.