SCOM ACS Filter
Hi Everyone,
We have SCOM 2007 R2 installed in domain A and we would like to install ACS functionality to collect security logs of servers which are in another domain B. So we decided to have a SCOM GW in place in domain B and install ACS on the GW, and also to have the DB installed in domain B for ACS.
We have given a list of events from each application team from the forwarders which have to be stored in the ACS DB. I am a bit worried now, as I know that we can set filters in the ACS collector to drop events, but is it possible for us to allow only the specific events to get stored in the ACS DB?
adtadmin /setquery /collector:"collector name" /query:"SELECT * FROM AdtsEvent WHERE (EventId=19 OR EventId=516 OR EventId=517 OR EventId=551 OR EventId=560 OR EventId=562 OR EventId=563)"
Will my above filter allow only events 19, 516, 517, 551, 560, 562 and 563 to get stored in the DB, with other events getting dropped? I have not used WHERE NOT; instead I have used only WHERE in the query.
Kindly suggest me if my understanding is wrong.
raj
May 4th, 2012 2:29am
Hi Raj,
Your understanding is correct.
SELECT * FROM AdtsEvent Where >>> will store the selected conditions
SELECT * FROM AdtsEvent Where NOT >>> will exclude the selected conditions
Regards, Mazen Ahmed
May 4th, 2012 7:08am
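An added example, not part of the original posts: a PowerShell sketch that merges per-team event ID lists into one allow-list query of the form shown in the question, rejects non-numeric IDs before they reach the query text, and shows which sample events would be stored or dropped under the WHERE semantics described in the answer above. The team names, their ID assignments, the sample events and the function name New-AcsAllowQuery are constructed for illustration; "collector name" is the placeholder from the question.

```powershell
# Constructed input: event ID lists as handed over by each application team.
$teamLists = @{
    'TeamA' = @(19, 516, 517)
    'TeamB' = @(551, 560, 562, 563, 517)   # 517 appears twice on purpose
}

# Hypothetical helper: validate, de-duplicate and sort the IDs, then build the query.
function New-AcsAllowQuery {
    param([object[]]$EventIds)
    $ids = foreach ($id in $EventIds) {
        $n = 0
        # Only non-negative integers may be placed into the query string.
        if ((-not [int]::TryParse([string]$id, [ref]$n)) -or ($n -lt 0)) {
            throw "Invalid event ID: '$id'"
        }
        $n
    }
    $ids = @($ids | Sort-Object -Unique)
    if ($ids.Count -eq 0) { throw 'Empty allow-list: refusing to build a query.' }
    $conditions = ($ids | ForEach-Object { "EventId=$_" }) -join ' OR '
    "SELECT * FROM AdtsEvent WHERE ($conditions)"
}

# Flatten all team lists into one array and build the query.
$allIds = @($teamLists.Values | ForEach-Object { $_ })
$query  = New-AcsAllowQuery -EventIds $allIds

# Show the effect of WHERE (store only matches) on constructed sample event IDs.
$allowed = @($allIds | Sort-Object -Unique)
foreach ($eventId in 19, 517, 528, 560, 4624) {
    $result = if ($allowed -contains $eventId) { 'stored' } else { 'dropped' }
    '{0,-6} {1}' -f $eventId, $result
}

# Print the command for review instead of running it.
'adtadmin /setquery /collector:"{0}" /query:"{1}"' -f 'collector name', $query
```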
Hi Ahmed,
Thanks a lot for your clarification.
raj
May 7th, 2012 1:33am