You will actually want to forward syslogs to each of the collectors in your environment. So within the syslog.conf you will want to have multiple entries for your multiple collectors. OR.... you can look at all of the available syslog forwarder tools out there (ex: Kiwi Syslog Server, etc.).
The reason why you need to forward SYSLOG events to all collectors is because of our high availability offered in 5.0. SCOM will only receive SYSLOG events from the collector actively monitoring the ESX Host that generated the SYSLOG event. Should that ESX Host move over to a collector (due to collector failure, or being moved manually by a MC Administrator) that does not receive SYSLOGs, you will not see any SYSLOGs generated within SCOM. By forwarding SYSLOG events to all collectors you can ensure that regardless the collector SYSLOG events will make it to SCOM.
Hope this helps! Please let us know if you have any additional questions!
Brian Pavnick | Cireson| Solutions Architect
- Follow me on Twitter @ vbpav
- Reach me on e-mail @ email@example.com