Hello,
I have a site running the old and very deprecated Sentinel Log Manager. I'm setting up a new Sentinel for Log Management environment for them and I'm looking for a little guidance. They were basically using SLM just to monitor logins and intruder detection from an OES environment and LDAP eDir environment, maybe 2 dozen servers at most sending events. I have setup a Sentinel 8 server using the ISO and it is up and functioning. I'm trying to determine if I need to setup a collection manager or not (I know for Correlation they would have to buy Enterprise, so I'm not doing that now). So first, do I need a collection Manager? And second, I don't see any good details on hardware requirements for a collection manager (cpu cores, memory, disk). I was going to build one using the appliance ISO, but I don't see any specs on the minimum requirements.

I'm thinking I can just switch all the servers to Sentinel server or should I be using a Collection Manager?


I also noticed that the update repos for this all still seem to be labeled Sentinel 7, not 8. Is that correct?

Thanks.

Matt