Is there no way to create a custom Event log and log items to it? Can you not change the event IDs of any of your rules? Can you at least parse any of the syslog message to the event in order to change the hostname its coming from or source? can you not modify the message as it is logged maybe to strip out the date and time (In order to set consolidation of alerting in other programs you are catching these alerts)? All I am able to do is change the message type (Event Level).
This is a HUGE win for us if ANY of these ideas can be added.
Currently we are sending SAN array alerts through syslog and catching it through Kiwi. Kiwi is logging to the event log and SCOM is picking it up and notifying the correct party. However, there is not much we can do at the moment in Kiwi to have the event logged in a way to use several different actions in SCOM since your choices are only Warning, Error, or informational.
Please let me know if you are having any of these same problems or if you know another way around this. There are free syslog servers that aren't nearly as good as syslog for filtering and rules, but you have the options to send alerts to several different custom Event logs.