Home > SysLog Monitoring > Syslog Event Collection

Syslog Event Collection

A run through of how to create a syslog event collection rule and create an associated view:
https://systemcentersolutions.files.wordpress.com/2010/01/syslogeventviewing.pdf

Advertisements
Categories: SysLog Monitoring
  1. fraserhardy
    March 21, 2010 at 3:36 pm

    Hi,

    I have followed your guide on setting up SCOM to collect syslog however I am still having a few problems. Firstly I want to be able to have the SCOM server itself do the collecting of the syslog messages. In your guide it only provides the option of selecting one of the other agents and not the scom management server itself.

    I have set it up to monitor using a different server but am still not getting the syslog mesages I would expect. If you have any further information I would be very greatful as I need to get this set up asap.

    Many Thanks.

    • March 23, 2010 at 8:33 pm

      1) I would not recommend that you use a SCOM Management Server and definitely not the SCOM Root Management Server for this. You should have a dedicated agent as the Management Servers have other (resource intensive) duties to perform.

      2) First step of troubleshooting is to do a netstat –an on the server receiving the Syslog messages to make sure it is listening on port 514 (UDP). Also make sure that windows firewall is turned off. After that, check the source server to make sure it is able to send the syslog messages. I would make the monitor as generic as possible to begin with (perhaps even to collect all syslog messages) to make sure the base monitoring is working. Then you can start to make the monitor more specific in terms of facilities and priorities.

  2. February 8, 2011 at 3:09 am

    I needed to monitor syslogs from ESXi, and your guide really helped me out. I took it a bit further and created a custom MP /w a parsing script to give me a really good event output. If anyone else is looking for something like that, I posted a guide on my blog here: http://windowsmasher.wordpress.com/2011/02/07/monitoring-esxi-syslogs-with-opsmgr-2007-r2/ .

  1. February 8, 2011 at 3:19 am

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: