I have two syslog based event source machines
1) se7 (192.168.0.121)
2) lab-world (192.168.0.6)
both machines sends their logs/events to sentinel.

I attempt a ssh login from 'lab-world'(source/ssh client) to 'se7'(ssh
server), and then Click Search on Sentinel Web UI. Search is showing me
following
SouceIP(sip): 192.168.0.6
TargetHostName(dhn): se7
ObserverHostName(sn): se7
ReporterIP(repip): 192.168.0.121
http://susepaste.org/75410278

whats the difference b.w "TargetHostName(dhn)" and
"ObserverHostName(sn)" ? as in my case both are same, but is there a
possibility that "shn" and "dhn" are different ?


--
sharfuddin
------------------------------------------------------------------------
sharfuddin's Profile: https://forums.netiq.com/member.php?userid=1016
View this thread: https://forums.netiq.com/showthread.php?t=3050