I would like to know if SolarWinds SEM has a best practice guide for domain controllers that also have a SEM agent and connectors on them.
Our agency uses our DC as the central logging point for all host to forward their event logs too (system, application, and security). Our DC picks these logs up and stores them for X time. Well the DC also has a SEM agent on the machine with the the windows connectors: system, application, security, NT DS, and NT DNS.
We are experiencing so much chatter and I can only think that the SEM agent on the DC is sending back the same logs that the host are sending to the DC. Each host with the SEM agent are forwarding their logs back to the SEM console too. So by doing so, we might be receiving duplicates logs of just about everything.
I am wondering what best practice is. I want to make sure that we are getting system, application, and security logs from the DC but i want to exclude all those logs that are being forwarded to the DC from our host and only allow the SEM agent and connectors local to that host forward those logs to the SEM console.
Ideas? thanks in advance