As a system administrator, I need to integrate PI System logging into my SEIM, so that I can manage PI System events consistent with other applications in a centrally managed system.
Most PI System applications leverage the Applications and Services Logs in the Windows event logs. As the built-in logging mechanism for the Windows platform, there are a number of forwarding, aggregation, and management options for the Windows event logs. The PI Data Archive logs to the Windows Application event logs as a fallback if the PI Message subsystem is unavailable, but some of the metadata for the events is encapsulated in the EventData, making filtering and correlation difficult.
