Previous post about ACS :

ACS Part I : Introduction & Collector Installation

Reports Deployment

Now that you have a running ACS Collector, you have to publish the ACS Reports on your SQL Reports Services server. 

1. From the Operations Manager source, copy the files and folders present in the ReportModels\ACS to temporary folder, for example: D:\ACS

2. Open a command prompt
3. Go to the folder you just created (D:\ACS)
4. Executing the following command

UploadAuditReports.cmd reportsrvfqdn http://reportsrvfqdn/ReportServer ACSFOLDER

5. Don’t take care of the two warnings

6. Start your web Brower and go to http://reportsrvfqdn/Reports

7. Click on Show Details and go to DB Audit.
8. Adapt the Connection String field to point to your ACS Database
For example:
data source= xxxx\SQLDB1;initial catalog=OperationsManagerAC;Integrated Security=SSPI

9. If you are using the same reporting for Operations Mananger and ACS, select also the option Credentials supplied by the user running the report and check Use as Windows Credentials when connection to the data source.

10. Click Apply.

Access Control List

1. Create a new Active Directory group for your Security Administrator and add them as member. (By example: SCOM2007-ACSAuditors)

2. Go to your Database server and add the group as Users for you ACS DB.

3. Grant your group as db_datareader of your ACS database.

4. Your Security Administrator could now access to the ACS Reports through the SQL Reporting Services Web Interface : http://reportsrvfqdn/Reports  > Audit Reports

The next post will be about the ACS Forwarder Configuration.
Feel free to contact in case of any remarks and/or comments.

Christopher KEYAERT

ACS · Audit Collection Services · operations manager · opsmgr · Scom

Hi everyone,

With Operations Manager 2007, Microsoft introduces Audit
Collection Services (ACS) as an optional but integrated component of an OpsMgr
management group. By deploying and using the ACS components of Operations
Manager, the administrator will be able to store and present security audit
information.

What is the idea?

ACS Forwarder: It’s your servers/workstations where you
installed an OpsMgr Agent and for which you want to collect the security event
log.

ACS Collector: It’s an OpsMgr management server which will be
designated as an ACS collector.

ACS DB: ACS requires having his own database. Depending of the
numbers of you forwarder, the DB could grow really fast. Satya Vel, a System
Center Program Manager, published an Excel sheet for helping you to size the
ACS DB. (http://blogs.technet.com/b/momteam/archive/2008/07/02/audit-collection-acs-database-and-disk-sizing-calculator-for-opsmgr-2007.aspx)

ACS Reporting: ACS is using SQL Reporting Services, so you have
the choice to install a new fresh server, or using the one that you already
used for OpsMgr reports. If you want to use your existing SQL Reporting server
and want continue to be in a Microsoft supported configuration, each time that one
of your Security Administrators want to generate an ACS report, he will have
to enter his credentials.

The best practice is to generate ACS reports directly from
the SQL Reporting web interface and not directly from the integrated reporting
pane available in SCOM console. This is due to the fact that ACS reports could
contain sensitive information and you don’t want that all your SCOM Operators
could see that information. The other advantage, and that you just need to
provide the web url to you Security Administrators, no need to install the SCOM
Console.

Security Administrator: Is the person of you company that will
be able to generate ACS Reports through the web interface of SQL Reporting
Services.

Continue to read on my SCUG Blog

ACS · Audit Collection Services · momteam · security event · sizing calculator

Hi everyone,

With Operations Manager 2007, Microsoft introduces Audit Collection Services (ACS) as an optional but integrated component of an OpsMgr management group. By deploying and using the ACS components of Operations Manager, the administrator will be able to store and present security audit information.

What is the idea?

ACS Forwarder: It's your servers/workstations where you installed an OpsMgr Agent and for which you want to collect the security event log.

ACS Collector: It's an OpsMgr management server which will be designated as an ACS collector.

ACS DB: ACS requires having his own database. Depending of the numbers of you forwarder, the DB could grow really fast. Satya Vel, a System Center Program Manager, published an Excel sheet for helping you to size the ACS DB. (http://blogs.technet.com/b/momteam/archive/2008/07/02/audit-collection-acs-database-and-disk-sizing-calculator-for-opsmgr-2007.aspx)

ACS Reporting: ACS is using SQL Reporting Services, so you have the choice to install a new fresh server, or using the one that you already used for OpsMgr reports. If you want to use your existing SQL Reporting server and want continue to be in a Microsoft supported configuration, each time that one of your Security Administrators want to generate an ACS report, he will have to enter his credentials.

The best practice is to generate ACS reports directly from the SQL Reporting web interface and not directly from the integrated reporting pane available in SCOM console. This is due to the fact that ACS reports could contain sensitive information and you don't want that all your SCOM Operators could see that information. The other advantage, and that you just need to provide the web url to you Security Administrators, no need to install the SCOM Console.

Security Administrator: Is the person of you company that will be able to generate ACS Reports through the web interface of SQL Reporting Services.

Pre-requisites

I invite you to take a look to the Operations Manager Supported Configuration page available on Technet : http://technet.microsoft.com/en-us/library/bb309428.aspx

What do you need :

• OpsMgr infrastructure.
• Service Account (a simple domain user).
• A database server (Grant your service account to interact with the DB Server.
• A dedicated management server that you will use as ACS Collector. (Grant your service account as Local Administrator).
• Active Directory Group which contains your Security Administrators.
• A reporting server (Dedicated or the one used for OpsMgr reporting).

Collector Installation

1. Log on to your dedicated management server with your service account.

2. Launch in the OpsMgr setup and click on Install Audit Collection Server.

3. Choose Create a new database.

4. ACS uses a ODBC connection to SQL, here you can modify the Data source name.

5. Select Remote database server

6. Select Windows authentication

7. I suggest keeping the default parameter, Use SQL Server's default data and logging file directories.

8. Number of day an event is retained in database, is the maximum age for which you'll be able to generate ACS report. Keep in my that higher the number of days is, more space your DB will use.

9. In the case, we use only one ACS DB, select Local.

10. Summary of the installation options

11.   Click ok to confirm Authentication information

12.   Installation of the ACS Collector finished

Now, you have your first collector installed
The next post will be about the publication of the ACS reports on the reporting server.
Feel free to contact in case of any remarks and/or comments.

Christopher KEYAERT

ACS · Audit Collection Services · operations manager · opsmgr · Scom