IBM QRadar


Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.


Collecting Events From Microsoft SCOM

  • 1.  Collecting Events From Microsoft SCOM

    Posted Thu July 22, 2021 03:44 PM

    Hello,

    We want to pull event logs from Microsoft System Center Operations Manager.

    We read the documentation at https://www.ibm.com/docs/en/dsm?topic=microsoft-jdbc-log-source-parameters-system-center-operations-manager and related pages, but we haven't found any indications on how to configure System Center to collect relevant events.

    Has someone already configured this and could give us some advice or best practices?

    Best Regards

    Davide



    #QRadar
    #Support
    #SupportMigration


  • 2.  RE: Collecting Events From Microsoft SCOM

    Posted Fri July 23, 2021 05:44 AM

    Hi,

    The instructions in the link seem pretty clear, and the only thing that you need to find out is the database name, which could be OperationsManager, but you can clarify this with your SCOM admin/team.

    Make sure the server firewall and infrastructure firewall (if any) rules on the database server allow connections from the QRadar server specified in the target event collector field in the log source configuration where you have created the JDBC log source. Open TCP port 1433 (default) or whichever port the SQL Server is accepting connections on. https://docs.microsoft.com/en-us/sql/database-engine/configure-windows/configure-a-windows-firewall-for-database-engine-access

    If you haven't tried that out, I would suggest that you go ahead and create the log source and it should work.



    #QRadar
    #Support
    #SupportMigration
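
The firewall step from the reply above, as an added example that is not part of the original thread: a PowerShell script for the SQL Server host that allows the SQL port only from the QRadar collector and then lists any inbound allow rules on that port that accept every source. The collector IP (192.0.2.10) and the rule name are placeholders assumed for illustration.

```powershell
# Added example, not from the thread. Run in an elevated session on the SQL Server host.
param(
    [string]$CollectorIp = '192.0.2.10',  # placeholder: IP of the QRadar target event collector
    [int]$SqlPort = 1433,                 # default port named in the reply; change if the instance listens elsewhere
    [string]$RuleName = 'SQL Server inbound from QRadar collector'  # hypothetical rule name
)

# Fail early if the collector address is not a literal IP address.
$null = [System.Net.IPAddress]::Parse($CollectorIp)

# Confirm that something is actually listening on the port before opening it.
$listener = Get-NetTCPConnection -State Listen -LocalPort $SqlPort -ErrorAction SilentlyContinue
if (-not $listener) {
    Write-Warning "Nothing is listening on TCP $SqlPort; check the port with the SQL Server admin."
}

# Create the allow rule once, scoped to the collector instead of any remote address.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Action Allow `
        -Protocol TCP -LocalPort $SqlPort -RemoteAddress $CollectorIp | Out-Null
}

# Audit: list enabled inbound allow rules that cover the port and mark the ones
# that accept any source, since those expose the database beyond the collector.
$portText = [string]$SqlPort
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True | ForEach-Object {
    $portFilter = $_ | Get-NetFirewallPortFilter
    $addrFilter = $_ | Get-NetFirewallAddressFilter
    $coversPort = ($portFilter.Protocol -in 'TCP', 'Any') -and
                  (($portFilter.LocalPort -contains $portText) -or ($portFilter.LocalPort -contains 'Any'))
    if ($coversPort) {
        [pscustomobject]@{
            Rule          = $_.DisplayName
            LocalPort     = $portFilter.LocalPort -join ','
            RemoteAddress = $addrFilter.RemoteAddress -join ','
            OpenToAny     = ($addrFilter.RemoteAddress -contains 'Any')
        }
    }
} | Format-Table -AutoSize
```

Port ranges such as `1000-2000` are not expanded by the audit, so review ranged rules by hand.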