I am new to LI and I have 3 questions. I have 2 sites. Site A a LI 4.3 3-node cluster and Site B has no LI yet.
1. To collect logs from Site B, do I just install a LI forwarder in Site B and point it back to the LI cluster in Site A? (assuming connectivity, firewalls permitting)
2. Will I be able to schedule when the logs from Site B's forwarder get sent? i.e. after office hours?
3. Is there a way for LI to monitor logs from SCVMM?
Thank you very much for any assistance rendered.
1. yes: forwarding from one site to another would be the option
separate instance or as forwarding rule on main local li server: depending on your needs/structure
2. no scheduling in li
advanced solution could be to schedule firewall rule changes after-office-hours allowing li fwd, if events accumulated <2,000 MB max buffer currently
3. yes: li can monitor file logs & windows event channels
View solution in original post