SCOM ACS Filter
Hi Everyone, We have a SCOM 2007R2 installed in domain A and we like to install ACS functionality to collect security logs of servers which is in another domain B.So we decided to have a SCOM GW in place in domain B and install ACS on the GW ,also to have DB installed in domain B for ACS. We have given a list of events from each application team from the forwarders which has to be stored in ACS Db.Iam bit worried now as I know that we can set filters in ACS collector to drop events,but is it possible for us to allow only the specific events to get stored in ACS DB. adtadmin /setquery /collector:"collector name" /query:"SELECT * FROM AdtsEvent WHERE (EventId=19 OR EventId=516 OR EventId=517 OR EventId=551 OR EventId=560 OR EventId=562 OR EventId=563 ) will my above filter will only allow event 19,516,517,551,560,562and 563 to get stored in DB and other events will get dropped. I have not used WHERE NOT instead I have used only WHERE in the query. Kindly suggest me if my understanding is wrong. raj
May 4th, 2012 2:29am

Hi Raj, Your understanding is correct.. SELECT * FROM AdtsEvent Where >>> will store the selected conditions SELECT * FROM AdtsEvent Where NOT >>> will exclude the selected conditionsRegards, Mazen Ahmed
Free Windows Admin Tool Kit Click here and download it now
May 4th, 2012 7:08am

Hi Ahmed, Thanks a lot for your clarification.raj
May 7th, 2012 1:33am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics