MORE INFO HEALTH EXPLORER
You can learn more about using Health Explorer at http://technet.microsoft.com/en-us/library/hh212766.aspx.
Configuring Audit Collection Services
One of the challenges of using the built-in auditing capabilities of Windows computers is that
each computer stores event logs locally. While it is possible to configure event log forwarding
as a way of centralizing the storage of event logs, event log data is still kept in the standard
event log format, making it challenging to analyze.
Audit Collection Services (ACS) is a segment of Operations Manager that allows you to
collect event log records generated by an audit policy, and to place them in a SQL Server
database. With ACS, you can then use SQL Server tools, including data analysis and reporting
tools, to analyze security events generated by some or all of the computers in your organization.
ACS uses the following segments:
ACS forwarders
ACS collectors
ACS database
ACS forwarders
ACS forwarders forward security event log information to ACS collectors. The ACS forwarder
is part of the Operations Manager agent. While the service is installed, the ACS forwarder will
not be active until you run the Enable Audit Collection task. Once this task has been run, all
events that would normally be written to the computer's Security log are also forwarded to
the ACS collector.
To configure a computer as an ACS forwarder, perform the following steps:
1. In the Monitoring workspace of the Operations console, expand Operations Manager, expand Agent Details, and then select Agent Health State.
2. Two panes are displayed. In the right pane, select all of the computers that you want to configure as ACS forwarders, as shown in Figure 3-39, and then click Enable Audit Collection under Health Service Tasks.
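After the Enable Audit Collection task has run, you can confirm from PowerShell which computers have an active forwarder. The following is an added example, not code from the original text; it assumes the forwarder runs as the Windows service AdtAgent (a name the page does not give) and uses constructed host names.

```powershell
# Added example, not from the original text. Assumption: the ACS forwarder runs as
# the Windows service "AdtAgent"; that service name does not appear on the page.
function Get-AcsForwarderState {
    [CmdletBinding()]
    param(
        [Parameter(ValueFromPipeline = $true)]
        [string[]]$ComputerName = @($env:COMPUTERNAME)
    )
    process {
        foreach ($name in $ComputerName) {
            $query = @{
                ClassName   = 'Win32_Service'
                Filter      = "Name='AdtAgent'"
                ErrorAction = 'Stop'
            }
            # Query the local machine directly so WinRM is only needed for remote hosts.
            if ($name -ne $env:COMPUTERNAME -and $name -ne 'localhost') {
                $query.ComputerName = $name
            }
            $result = [ordered]@{
                ComputerName = $name
                StartMode    = $null
                State        = $null
                Forwarder    = 'Unreachable'
            }
            try {
                $svc = Get-CimInstance @query
                if ($null -eq $svc) {
                    $result.Forwarder = 'ServiceNotInstalled'
                } else {
                    $result.StartMode = $svc.StartMode
                    $result.State     = $svc.State
                    if ($svc.State -eq 'Running') { $result.Forwarder = 'Active' }
                    elseif ($svc.StartMode -eq 'Disabled') { $result.Forwarder = 'NotEnabled' }
                    else { $result.Forwarder = 'EnabledButStopped' }
                }
            } catch {
                Write-Warning "${name}: $($_.Exception.Message)"
            }
            [pscustomobject]$result
        }
    }
}

# Constructed host names; replace with the computers selected in Agent Health State.
'SRV-APP01', 'SRV-DC01' | Get-AcsForwarderState |
    Where-Object { $_.Forwarder -ne 'Active' } |
    Format-Table -AutoSize
```

A result of Active only shows that the forwarder service is running on the computer; it does not prove that events are reaching the ACS collector.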
 
 
 