ManuelMonteiro-7115 asked, CyrAz edited

SCOM as a Log Aggregator / SIEM

Hello there.

I don't know much about SCOM, apart from the very basics (non hands-on).
Can SCOM be used for a log aggregation use case? Imagine multiple Windows Servers sending and centralizing each log in SCOM, and network/security devices like switches and firewalls sending logs (syslog). Can this somehow work like log aggregation, similar to a SIEM? Would it be friendly to centralize logs from non-Windows devices via syslog, or would only SNMP be allowed, for performance monitoring of non-Windows devices?

msc-operations-manager

1 Answer

CyrAz answered, CyrAz edited

You technically can collect logs from various sources (event log, text log, SNMP, syslog...), but I definitely wouldn't recommend SCOM for that usage. You can't do any kind of aggregation or advanced search; they just sit in the database as plain text (and they fill it up quickly!).
If you want to stay with Microsoft, Log Analytics is a much better solution.
Otherwise you'll find third-party products such as Splunk or ELK, which are also very well suited to that task.

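The answer's point, that collected events just sit in a table with no aggregation or search across them, is easiest to see against what a SIEM-style pipeline does with the same data. The following is an added example and is not code from this thread, from SCOM or from any of the products named above: it takes constructed RFC 3164 syslog lines (a firewall and a switch, as the question describes) and constructed Windows Security events (4625 failed logon, 4624 successful logon), normalizes both onto one schema, and correlates them by source IP. The sample lines, the schema and every function name are assumptions made for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample input (not from the thread): RFC 3164 syslog lines as a
# firewall and a switch might send them. <PRI> = facility * 8 + severity.
SYSLOG_LINES = [
    "<134>Mar 12 10:15:01 fw01 kernel: DROP IN=eth0 SRC=203.0.113.5 DST=10.0.0.10 PROTO=TCP DPT=22",
    "<134>Mar 12 10:15:02 fw01 kernel: DROP IN=eth0 SRC=203.0.113.5 DST=10.0.0.10 PROTO=TCP DPT=23",
    "<86>Mar 12 10:15:05 sw01 sshd[1234]: Failed password for admin from 203.0.113.5 port 51000 ssh2",
]

# Constructed Windows Security events as a collector would export them
# (4625 = failed logon, 4624 = successful logon; field names follow the event schema).
WINDOWS_EVENTS = [
    {"TimeCreated": "2024-03-12T10:15:07", "Computer": "srv01", "EventID": 4625,
     "IpAddress": "203.0.113.5", "TargetUserName": "admin"},
    {"TimeCreated": "2024-03-12T10:15:09", "Computer": "srv01", "EventID": 4625,
     "IpAddress": "203.0.113.5", "TargetUserName": "admin"},
    {"TimeCreated": "2024-03-12T10:16:00", "Computer": "srv02", "EventID": 4624,
     "IpAddress": "10.0.0.50", "TargetUserName": "bob"},
]

SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<msg>.*)$")
# Client address from either netfilter-style "SRC=a.b.c.d" or sshd-style "from a.b.c.d".
IP_RE = re.compile(r"(?:SRC=|from )(\d{1,3}(?:\.\d{1,3}){3})")


def classify(rec):
    """Assign a device-independent category so events from different sources compare."""
    if rec["source"] == "wineventlog":
        return {4625: "auth_failure", 4624: "auth_success"}.get(rec["event_id"], "other")
    if "Failed password" in rec["message"]:
        return "auth_failure"
    if re.search(r"\bDROP\b", rec["message"]):
        return "fw_drop"
    return "other"


def parse_syslog(line, year=2024):
    """Turn one RFC 3164 line into the common record schema; None if it does not parse."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    facility, severity = divmod(int(m.group("pri")), 8)
    msg = m.group("msg")
    ip = IP_RE.search(msg)
    rec = {
        # RFC 3164 timestamps carry no year, so the caller supplies one.
        "time": datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S"),
        "host": m.group("host"), "source": "syslog",
        "facility": facility, "severity": severity, "event_id": None,
        "src_ip": ip.group(1) if ip else None, "message": msg,
    }
    rec["category"] = classify(rec)
    return rec


def normalize_windows(ev):
    """Map an exported Windows Security event onto the same schema."""
    rec = {
        "time": datetime.fromisoformat(ev["TimeCreated"]),
        "host": ev["Computer"], "source": "wineventlog",
        "facility": None, "severity": None, "event_id": ev["EventID"],
        "src_ip": ev.get("IpAddress"),
        "message": f"EventID {ev['EventID']} user={ev.get('TargetUserName')}",
    }
    rec["category"] = classify(rec)
    return rec


def aggregate_by_source_ip(records):
    """The aggregation step a SIEM performs and a plain event table does not:
    group events from every device by the client address that produced them."""
    by_ip = defaultdict(lambda: {"count": 0, "hosts": set(), "categories": Counter()})
    for r in records:
        if not r["src_ip"]:
            continue
        bucket = by_ip[r["src_ip"]]
        bucket["count"] += 1
        bucket["hosts"].add(r["host"])
        bucket["categories"][r["category"]] += 1
    return dict(by_ip)


def suspicious_sources(records, min_hosts=2, min_auth_failures=2):
    """Flag addresses that failed authentication repeatedly and touched several hosts."""
    agg = aggregate_by_source_ip(records)
    return sorted(ip for ip, b in agg.items()
                  if len(b["hosts"]) >= min_hosts
                  and b["categories"]["auth_failure"] >= min_auth_failures)


def load_all():
    """Normalize both feeds into one time-ordered list of records."""
    syslog = [r for r in (parse_syslog(l) for l in SYSLOG_LINES) if r]
    windows = [normalize_windows(e) for e in WINDOWS_EVENTS]
    return sorted(syslog + windows, key=lambda r: r["time"])


if __name__ == "__main__":
    records = load_all()
    for ip, b in aggregate_by_source_ip(records).items():
        print(ip, b["count"], sorted(b["hosts"]), dict(b["categories"]))
    print("suspicious:", suspicious_sources(records))
```

The correlation in `suspicious_sources` (one address failing logons on a switch and a Windows server while also being dropped by the firewall) is the kind of cross-device question the answer says SCOM's event store cannot answer and that Log Analytics, Splunk or ELK are built for; the schema here is a stand-in for whatever normalization those products apply.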