I am building a Windows Server Provisioning systems that will build VM’s in VMWare to specs filled out on a web front end that is already in place. On our DSC authoring server, we are using PowerCLi, PowerShell, DSC and SQLExpress. These builds will be across multiple DC’s, or domains, sub-nets an such. There will be modules that interact with InfoBlox (DNS) and Active Directory.
We want to use Even Viewer for our logging, but having no experience with any of this before, we are wondering if we should create our own set of logs, or use and existing set, like PowerShell and use Event ID’s to designate out items specific to this app?
One concern expressed when considering creating our own is whether they would be picked up by Splunk.
Another thought was to use common we errors for event ID’s but adding a digit or two to the front of these to specify our app.
Any thoughts or Ideas, or good articles talking about what others have done would be appreciated.