Introduction
Welcome to the first article of the ACS series from the SCOM 2019 course, which discusses Audit Collection Services (ACS) concepts.
What is ACS
Audit Collection Services is an additional Operations Manager component that allows you to centralize the collection of security log data from computers within your organization.
For example, you configure file and folder auditing on all of the file servers in your organization as a way of tracking file and folder access.
Rather than checking the security event logs on each file server, Audit Collection Services gives you a central location that you can use to search and analyze this data.
Audit Collection Services can be deployed separately from Operations Manager.
This allows you to separate auditing data from other data recorded by SCOM.
You can use ACS to collect security auditing information from computers running:
- Windows operating systems
- Oracle Solaris
- IBM AIX
- Supported UNIX flavors and Linux distributions
ACS components
An ACS deployment includes the following components:
ACS forwarder. [client side]
- The ACS forwarder is a service that runs on computers from which you want to collect event log data. The forwarder extracts relevant data from the event logs and transmits it to the ACS collector.
- The ACS forwarder is already installed when you install the SCOM agent on client computers, but it is disabled, so you only have to enable it.
ACS collector. [server side]
- Deployed on a server, this component accepts incoming event log data, transferring it to the ACS database.
ACS database.
- A SQL Server database that stores event log data collected by ACS.
ACS reporting server.
- The ACS reporting server uses SQL Server Reporting Services (SSRS) to generate reports using auditing data.
- The ACS reporting server can use the SSRS instance that supports the Operations Manager deployment, or it can use a separate instance of SSRS.
ACS & SSRS
Audit Collection Services (ACS) reporting can be installed in two configurations.
- An instance of a supported version of Microsoft SQL Server Reporting Services (SSRS) with Operations Manager Reporting already installed. A benefit of this is the ability to view ACS reports in the Operations console.
- An SSRS instance without Operations Manager Reporting installed.
ACS considerations
When deploying ACS, consider the following:
- An instance of a supported version of Microsoft SQL Server Reporting Services must be installed on the target computer.
- During the procedure, you need to be logged on as a member of the Operations Manager Report Operator user role.
- IIS must be installed on the hosting system. IIS will have already been installed if you are co-locating with a Reporting server.
- You need to have access to the ACS database.
- You need the Operations Manager installation media.