Syslog -> SCOM

Some customers is asking for Syslog-monitoring via SCOM, Jalasoft have the ability to monitor syslogs.

Now SecureVantage have a option to do this using the ACS…

The Secure Vantage Audit Collection Syslog Gateway provides centralized security event collection, analysis and reporting across platforms and applications. The Audit Collection Syslog Gateway enables customers to forward syslog event streams to a central gateway server for integration with the ACS collection stream.

Features Overview:

  • Syslog event processing
  • ACS integration
  • Syslog Management Pack
  • Generic Reports
  • Generic Report Templates
  • Base Reporting Integration
  • Optimization Guidance

More info at: http://www.securevantage.com/ProductsACSsyslogGateway.html


VMware to Acquire Thinstall

Looks like Microsoft Softgrid/Application Virtualization is gonna get some more competition… VMware have a huge customerbase.

VMware is excited to announce the acquisition of Thinstall, a complementary virtualization solution provider. By using Thinstall’s unique, agentless application virtualization technology, desktop administrators can realize immediate benefits. Thinstall enables the rapid delivery of complex software applications cost effectively and with increased security. Thinstall products require no pre-installed software on physical clients, no new deployment infrastructure or systems management tools, and make it easy for IT staff to quickly, safely and securely deploy virtualized applications.

http://www.vmware.com/company/news/releases/thinstall.html


SCOM Alert History Grooming

Myself and Pontus Blomqvist found a small but annoying bug…

If you have an alert in SCOM that still isn’t resolved but an entry in the history is older than your grooming-settings the history-data will be groomed.

Why? If you look in to the stored procedure named p_AlertGrooming you can se that it works like this:
- Get setting for Grooming (Deleting)
- Loop thru all alerts that have resolution state = 255 (closed)
—- Groom the history-data for the alert
—- Groom the alert
- Groom all alert-history that are older than the grooming-setting (No matter what resolution state)

So the last step is not needed since the history is groomed when the resolution state is set to 255.

Workaround:
Find the delete-rows in the stored procedure named p_AlertGrooming and comment them out…

Change this 2 rows from:

DELETE dbo.AlertHistory
WHERE TimeAdded < @GroomingThresholdUTC
 

to:

– Change by Rikard Ronnkvist to keep history data from being groomed
– DELETE dbo.AlertHistory
– WHERE TimeAdded < @GroomingThresholdUTC