Hi,

I am seeing an issue where the SCOM (2012) agent on a couple of servers cannot cope with a large number of event log entries and maxing out the processor. When I say a large amount I really do meen a ridiclious amount compared to what a server normally churns out - its a factory system that seems to log thousands of events every few seconds. I can fix the problem by stopping the application service (hence stopping the events) and all is then OK. Can I somehow tune the SCOM agent to throttle what it tries to do or can I even override it to tell it to ignore certain events (or certain application logs) on certain servers (but not all as obviously I still want normal stuff monitored)?

thanks

Try override all rules/monitors that look at the event log that this is happening to. This could be many. or just run the agent task to list all running rules and monitors on that one box, and override those specific rules and monitors that look at that event log, that would be an easier task, but would still take a considerable amount of time and effort. Once you have the list of what is running on the agent you could use mp viewer to figure out which rules/monitors look at event logs.

I wonder if the product team knows of an easier way around this...

Thanks for that Scott. I am going to mark this is as answered. It turns out I have been given slightly wrong information in that its memory and not CPU usage that is the problem. The above is useful anyway and I shall ask the question again from a memory perspective.