Important configuration changes for IIS log collection in Operations Management Suite

Are you using IIS Log Collection for Operational Insights (now a part of Operations Management Suite)? If so, please read on.  This change will affect your Operations Management Suite (OMS) workspace.

On Wednesday, June 3rd  we will be pushing down new Operations Manager rules that will change how your IIS logs are sent to OMS.

Currently we push all IIS logs through your management servers before being sent to OMS.  We’ve found that in some cases this was putting too much load on the management servers.  In order to fix this, we’re going to be routing these logs from the agents straight to OMS – bypassing the management servers completely. 

We use the same configuration for the collection of security events for the Security and Audit solution.  If you are already using this solution, you are likely already prepared for this change.

In order to configure your agents to handle this change, here’s what you’ll need to do:  

From the Operations Manager console, in the ADMINISTRATION pane, click on Operational Insights connection.

Click on Configure Proxy Server and input your proxy address.  This will be used by both the management server and the agents.

If your proxy requires authentication, you will need to set up a “Run As” account

If you have firewall rules on the agents you will also need to update these firewall rules to allow the following urls:

    • *.ods.opinsights.azure.com – Port 443
    • *.blob.core.windows.net — Port 443

NOTES:

  • If you’ve already configured Operational Insights to use a proxy and your agents have permission to use that proxy, you are already set up for these changes
  • If your agents are configured to with outbound internet access, no action is require
  • Both agent and management server need to be update to SCOM 2012 R2 UR3 or 2012 SP1 UR7 or higher