The title pretty much explains the scenario. Is there any built-in way to export or read audit messages concerning who did and what with ConfigMgr to external log management system? I'm talking about the kind of data that Status message queries provide with audit messages... Any suggestions are welcome.

There is nothing built-in, but you can create custom SQL jobs to do that.

The only suggestion I've got is have a look at PowerShell. I think you could use Get-CMSiteStatusMessage and Get-CMComponentStatusMessage for that.

Thanks for the info. SQL view came to my mind also. Any references or examples on the methods you guys suggest?

I can't help you with the SQL information. The PowerShell information can be found here: https://technet.microsoft.com/en-us/library/jj821831(v=sc.20).aspx

SQL SSIS: https://msdn.microsoft.com/library/ms141026.aspx or simple SQL a

I figured this out by creating a status filter rule that writes all the audit messages to Windows eventlog as well. It's pretty easy to get the stuff out from there.

Those PowerShell commands suggested, only open the built-in Status Filter Viewer and do not output the queries into the shell.

• Marked as answer by Narcoticoo 19 minutes ago

I figured this out by creating a status filter rule that writes all the audit messages to Windows eventlog as well. It's pretty easy to get the stuff out from there.

Those PowerShell commands suggested, only open the built-in Status Filter Viewer and do not output the queries into the shell.

• Marked as answer by Narcoticoo 17 minutes ago

I figured this out by creating a status filter rule that writes all the audit messages to Windows eventlog as well. It's pretty easy to get the stuff out from there.

Those PowerShell commands suggested, only open the built-in Status Filter Viewer and do not output the queries into the shell.

• Marked as answer by Narcoticoo Friday, March 13, 2015 7:19 AM