Saturday, May 20, 2006

Audit Collection Service

What is Audit Collection Service (ACS)?

Ever struggled to manually analyze the security logs from all your servers after a major event? If yes, Microsoft Audit Collection Service (ACS) is the right tool for you.
ACS can be deployed as part of MOMv3. It will collect the security events from all the servers and store them in a central database. It will then make those events available to an administrator or an IT audit professional through a single interface, for more efficient analysis.
Note that, to date, only security events will be collected by ACS.

How does ACS work?

ACS works by installing an agent on each target server from which security events are to be collected. The agent collects all the security events and sends them to the collector server (ACS), which in turn stores them in a SQL database. Security events stored in a central database are much easier to retrieve and analyze than events that have to be checked by visiting every server.

Is it available now?

No. It will be available with MOMv3, now named System Center Operations Manager 2007. MOMv3 is expected to RTM at the end of 2006.

Is it a free product?

Yes and No. Yes, because it will come free with System Center Operations Manager 2007. No, because it is not a built-in part of Windows like DHCP.

The challenge

The Windows Event Viewer was never designed to be a collaborative product. Hence there are some open questions about the use of ACS:
1) What will happen to the time stamp of the events?
2) Will it be the time stamp of the original server or the collector server?
3) What will happen to time stamps if the originating server and the collector server are in different time zones?
4) Will it only support Security Event logs?
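
The time stamp questions above apply to any central collector. The sketch below is an added example, not part of the original post and not a description of how ACS behaves: on constructed events from servers in three time zones, it shows how ordering by local wall-clock time misorders the timeline, and how a record that keeps the origin time in UTC alongside the collector's receipt time avoids that. Server names, offsets and field names are assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample events: (server, local wall-clock time, UTC offset in hours, text).
SAMPLE_EVENTS = [
    ("SRV-LONDON", "2006-05-20 09:00:05", 0, "account locked out"),
    ("SRV-MUMBAI", "2006-05-20 14:29:50", 5.5, "failed logon"),
    ("SRV-SEATTLE", "2006-05-20 02:00:20", -7, "successful logon"),
]
# Constructed time at which the (hypothetical) collector received the batch.
RECEIVED = datetime(2006, 5, 20, 9, 1, 0, tzinfo=timezone.utc)

def to_record(server, local_time, utc_offset_hours, text, received_utc):
    """Build a central-store record that keeps origin time and collector time apart."""
    tz = timezone(timedelta(hours=utc_offset_hours))
    origin = datetime.strptime(local_time, "%Y-%m-%d %H:%M:%S").replace(tzinfo=tz)
    return {
        "server": server,
        "event_time_utc": origin.astimezone(timezone.utc),  # when it happened
        "received_utc": received_utc,                        # when the collector got it
        "origin_local": local_time,                          # preserved for the auditor
        "text": text,
    }

def naive_timeline(events):
    """Order by local wall-clock string, as if every server shared one time zone."""
    return [e[0] for e in sorted(events, key=lambda e: e[1])]

def utc_timeline(events, received_utc):
    """Order by the origin time normalized to UTC."""
    records = [to_record(*e, received_utc) for e in events]
    return [r["server"] for r in sorted(records, key=lambda r: r["event_time_utc"])]

def lag_seconds(record):
    """Delivery lag; a negative value means the origin clock runs ahead of the collector."""
    return (record["received_utc"] - record["event_time_utc"]).total_seconds()

if __name__ == "__main__":
    print("local order:", naive_timeline(SAMPLE_EVENTS))
    print("UTC order:  ", utc_timeline(SAMPLE_EVENTS, RECEIVED))
    for e in SAMPLE_EVENTS:
        r = to_record(*e, RECEIVED)
        print(r["server"], r["event_time_utc"].isoformat(), "lag", lag_seconds(r), "s")
```

Keeping both times also gives the auditor a check on clock drift: a lag that is negative or far larger than the normal forwarding delay points to a server whose clock needs attention before its events are trusted in a timeline.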

