After changing the query, you need to restart the Operations Manager Audit Collection service.
From: [email protected] [mailto:[email protected]] On Behalf Of Kevin Holman Sent: Wednesday, February 26, 2014 1:30 PM To: [email protected] Subject: [msmom] RE: SCOM 2012 ACS Filter not changing/setting You need to use /setquery when you run it - does it kick back an error? Or the help contents? Or does it just accept the command? Are you running from an elevated CMD prompt on the collector server? From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Sven Wells Sent: Wednesday, February 26, 2014 1:10 PM To: [email protected]<mailto:[email protected]> Subject: [msmom] SCOM 2012 ACS Filter not changing/setting Hello, We are attempting to modify the ACS Filter being used by our ACS Collector. The current filter is configured as follows: "select * from adtsevent where not ((eventid=538 or eventid=672 or eventid=680 or eventid=551 or eventid=562 or eventid=573 or eventid=577 or eventid=578 or eventid=697 or eventid=4624 or eventid=4634 or eventid=4769 or (eventid>=594 and eventid<=597) or (eventid>=768 and eventid<=771) or (eventid>=832 and eventid<=841)) or (eventid=571 or eventid=624 and targetuser like '%$%') or (eventid=627 and headeruser='System' and clientuser like '%$%' and targetuser='TsInternetUser') or ((eventid=538 or eventid=540) and String01='3' and HeaderUser like '%$%') or ((eventid>672 and eventid<678) and ClientUser like '%$%'))" I wanted to reconfigure it to something more simple, like: Adtadmin.exe /setquery /query:"select * from adtsevent where not EventId=4634" I set this new query, then ran Adtadmin.exe /getquery and the old (above) filter was displayed. I checked the permissions for the Computer\HKLM\SYSTEM\CurrentControlSet\Services\AdtServer\Parameters and the NETWORK_SERVICE account has Full Control here. I also noticed that the Computer\HKLM\SYSTEM\CurrentControlSet\Services\AdtServer\Parameters\DbQueueQuery key still had the old filter. I manually modified the ..\DbQueueQuery key to :"select * from adtsevent where not EventId=4634" then ran Adtadmin.exe /getquery again and still the old filter/above was displayed. How do I get the new ACS Filter to "stick"?? Thanks, Sven Sven Wells SYSTEMS ADMINISTRATION SPECIALIST Communication and Infrastructure Services TIP - Technology, Innovation and Performance Wilmington NC HQ PPD Phone +1 910 558 6870 [email protected] <mailto:[email protected]>www.ppdi.com <http://www.ppdi.com/> This email transmission and any documents, files or previous email messages attached to it may contain information that is confidential or legally privileged. If you are not the intended recipient or a person responsible for delivering this transmission to the intended recipient, you are hereby notified that you must not read this transmission and that any disclosure, copying, printing, distribution or use of this transmission is strictly prohibited. If you have received this transmission in error, please immediately notify the sender by telephone or return email and delete the original transmission and its attachments without reading or saving in any manner.
