Monitoring HC3 syslog events via Microsoft System Center Operations Manager (SCOM)
While HC3 provides both a great built-in "at a glance" view of active conditions that require attention and proactive remote notification emails to find you if you are out on the golf course ... or just doing other things, sometimes you also want those events and actions to be monitored elsewhere as well. Fortunately, all activity that is displayed in the "Cluster Log" portion of the UI can also be sent to a remote syslog server for collection, reporting and analysis.
For my own "lab" I have used the free edition of Splunk Light to collect syslog events from multiple HC3 clusters and even build a crude little dashboard to highlight what I care about (perhaps another post some time) ... but we have been asked about Microsoft System Center a few times, so I decided to try it out. Turns out it is pretty easy to configure SCOM to receive and process / filter syslog events sent from an HC3 cluster, as shown below ... and obviously there are tons of other tools that could do the same. If there is a need, I could probably share the steps I went through to create rules, but I'm guessing SCOM admins are already way ahead of me there...
There are a few useful docs on our portal relating to syslog in general (Partners, Customers) and a Splunk Light proof of concept that may be of interest (Partners, Customers).
https://us.v-cdn.net/6029942/uploads/editor/si/ml3236xfzkj1.png
and after some rule creation to categorize different severity levels
https://us.v-cdn.net/6029942/uploads/editor/gs/ibyz61nib104.png