2

I want to collect all events from all Windows servers (nearly 50 servers) (from Windows Event Viewer) in SCOM, and do full-text search on them.

My question is: how can I do it?

Ward - Reinstate Monica
sorosh_sabz

1 Answer

3

As CyrAz says on Microsoft TechNet:

Short answer: you can't, and you shouldn't.

Use an actual log management system if you need one (LogAnalytics, ELK, Splunk...)

Longer answer: you could create a regular event collection rule for every event log, but that would create an enormous amount of data. The SCOM database is not made for this usage. However, what SCOM has out of the box is the ACS role, which is only supposed to collect Security events. But you could trick ACS into collecting every type of event with the Security Log Gateway extension, created by Daniele Grandini (his blog explaining the extension: https://nocentdocent.wordpress.com/2010/03/10/extending-acs-beyond-security-logs/).

sorosh_sabz
  • Thanks for posting an explanation, I did not realize that one can't and shouldn't do this. You can also look into EventSentry which can consolidate (all) events and make them searchable. – Lucky Luke Dec 27 '18 at 19:26