I have a site running the old and very deprecated Sentinel Log Manager.
I'm setting up a new Sentinel for Log Management environment for them
and I'm looking for a little guidance. They were basically using SLM
just to monitor logins and intruder detection from an OES environment
and LDAP eDir environment, maybe 2 dozen servers at most sending events.
I have setup a Sentinel 8 server using the ISO and it is up and
functioning. I'm trying to determine if I need to setup a collection
manager or not (I know for Correlation they would have to buy
Enterprise, so I'm not doing that now). So first, do I need a
collection Manager? And second, I don't see any good details on
hardware requirements for a collection manager (cpu cores, memory,
disk). I was going to build one using the appliance ISO, but I don't
see any specs on the minimum requirements.

I'm thinking I can just switch all the servers to Sentinel server or
should I be using a Collection Manager?

I also noticed that the update repos for this all still seem to be
labeled Sentinel 7, not 8. Is that correct?



matt's Profile: https://forums.netiq.com/member.php?userid=183
View this thread: https://forums.netiq.com/showthread.php?t=57296