none
OMS gateway and group policy

    Question

  • Hi,

    Can i send the logs of all windows devices to OMS gateway using group policy. customer do not want to send logs through agent to avoid performance issues. As lot of agent install on the windows devices.

    https://blogs.technet.microsoft.com/jepayne/2015/11/23/monitoring-what-matters-windows-event-forwarding-for-everyone-even-if-you-already-have-a-siem/  

    Can i send logs from Windows event collector  (mentioned in above link) to OMS?


    Regards, Abhishek


    Abhishek Joshi | Blog :- www.Technotra.com www.MicrosoftTechEd.com


    Thursday, September 28, 2017 8:13 AM

All replies

  • Hi

    OMS gateway is basically a proxy specific for OMS. When you install OMS agent you have the option to specify proxy settings. You can create a script that will run trough all your machines and configure the proxy. You can also create a script that will change the proxy configuration on already installed agents. You can use any option group policy has to run scripts or installs applications.

    $OMSAgentProxyURL = "https://proxy.com:443"
    $healthServiceSettings = New-Object -ComObject 'AgentConfigManager.MgmtSvcCfg'
    
    $healthServiceSettings.SetProxyInfo($OMSAgentProxyURL, '', '')
    
    Restart-Service -Name HealthService
    Mark this replied as answer if it is what you are looking for.

    Thursday, September 28, 2017 2:05 PM
  • Hi

    You'll need to install the Microsoft Monitoring Agent on every server and configure it to forward to OMS (via the gateway if needed). You should be able to deploy the agent using group policy (see Stoyans answer below).

    For Windows event forwarding - no:

    https://feedback.azure.com/forums/267889-log-analytics/suggestions/6519221-use-windows-event-forwarding-wef-to-send-events

    Cheers

    Graham


    Blog - http://www.f1point2.com/ Twitter - https://twitter.com/F1Point2_Graham

    Sunday, October 1, 2017 5:35 PM