Trying to understand pulling multiple Windows events logs locations in my example I want Lync Server and the Applicaiton Windows events. Because I am looking for eventID that notifiy's of a soon expiring certificate.
ADD SERVER(\windowsserver.domain.local, "eventlognames=Lync Server|Application", ip=10.101.30.242, domain=domain, customer=CustomerID, custom=WinEvents:RemoteServer, sfbsite=CustomerSite, sfbpool=SFBpool.domain.com)
Doesn't seem to be working please let me know the correct syntax for two log names.
The Winevents config is set up to only see either the 'Lync Server' or 'Security' logs at this time from Skype servers. We do reference some customizations in our online help to enable other logs to be collected but I do not have a good example at this point. I will follow up internally to see if we have any additional documentation that can be posted to help clarify the process. Stay tuned...
Yeah I am looking for event ID 64 in the applicaiton log which gives a warning when one of the certificates in Skype For Business is about to expire.
I wanted to point out that there are other solutions in Prognosis as well that utilize the windows event log.. both out of the box and custom. I use it reguarly.
MPEvent is a record that is included on all deployments I believe and it has a slightly filtered Windows event log on Windows and other records on AIX/Unix/Linux. HPNonStop has its own record.. but the other platforms share it. It does require I believe SRV in your license or that license code to be embedded to use MpEvent though.
Quick Example from the system I happen to be on now.. something else to look into possibly.