OBDC Connector for ACS Windows server to send Event logs to Linux syslog server

I am working on a cross platform project here is the scenario:

UNIX/Linux

We have a Linux syslog server currently in place collecting syslogs from all network appliances and UNIX/Linux systems. From this Linux server, all syslogs are then uploaded to a SIEM appliance.

Windows

We have an SCOM 2012 server in place running ACS. In the past we had SNARE agents running on all 500 windows server. However, we eliminated the agents.

Since all Windows events are stored in a SQL database on SCOM or ACS server, can we use an OBDC connector to interface with the Linux syslog server running SQL and aggregate the windows event logs to this Linux syslog server?

The goal is to have the windows syslog’s target the Linux syslog server which is the one and only syslog server we need to maintain. However, a colleague brought up this idea of using an OBDC connector and due to my limited knowledge of databases, I was wondering if you guys can shed light on this theory.

Thanks in advance.

t
tobe1424Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

tobe1424Author Commented:
Is this theory feasible?

please help soonest
0
Leon FesterSenior Solutions ArchitectCommented:
Yes, from a database perspective this is possible.
The SQL database used to store the SCCM information can be accessed by any authorized users just like any other application database.

Your syslog application may not have a direct connector for this so some coding may be needed to:
1. logon to SQL server
2. Extract the required logs (all/filtered list)
3. Import this information into Linux syslog database

The goal is to have the windows syslog’s target the Linux syslog server which is the one and only syslog server we need to maintain.
By design Windows OS logs all events locally.
SCCM is just aggregating the information to a central location for centralized management and reporting.
The data is exportable either directly from the Servers or from the SQL database.

The question would be what is the allowed lag time between events being reported to the Linux syslog server....You could also setup a scheduled extract on the Microsoft SQL Server to export the required dataset which can then be imported into Linux database.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
tobe1424Author Commented:
Thanks for the feedback Leon.

I would also think that the Linux syslog application may not have a direct connector. However, what do you mean that "some coding may be needed" ?

What kind of coding?

Best,

T
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft SQL Server 2008

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.