In order for event records to be stored in the ACS database, native Windows event format is converted according to transformation rules defined in the EventSchema.xml file stored on Operations Manager server. Writing these events into the InTrust Audit database requires reverse transformation, and therefore authorized InTrust components must have access to the transformation rules (that is, to EventSchema.xml). For details, see the Gathering with and without Agents topic.
In addition, to comply with in the InTrust audit database format, the records obtained from the ACS database need to be supplemented with the computer type, time zone parameters, and Windows build number.
To summarize, in order for event data to be stored in an InTrust repository and/or audit database, the following information is required:
So, for ACS data to be processed correctly, you have to deploy Quest InTrust for ACS Management Pack. The installation procedure is described in the Step 1. Install the InTrust Knowledge Pack for ACS topic.
This topic explains the steps you need to take in order to enable ACS data gathering and reporting with InTrust:
Each step is described in detail in the related topics.
|
Caution: For reports on collected data to work properly, it is strongly recommended that you use a dedicated InTrust Audit database to collect only event data provided by ACS. If you also want to collect Windows event data in the standard way (that is, directly from the audit trails, using the InTrust workflow) from the same computers (Operations Manager servers), configure a separate Audit database. |
The InTrust Knowledge Pack for ACS brings in several predefined objects required for the InTrust auditing workflow.
To install the Knowledge Pack, launch the InTrust suite setup, and from the list of features to install, select Knowledge Pack for ACS.
After the setup is complete, the following predefined objects become available in InTrust Manager (for a detailed list with descriptions, see Predefined Objects for ACS Data Collection and Reporting):
To arrange your Operations Manager servers with Audit Collection Services installed into the InTrust site, perform the following steps:
|
Note: It is recommended that you arrange Operations Manager servers into sites considering their location and/or administrative boundaries. |
To install agents on the site computers, refer to the Gathering with and without Agents topic.
© ALL RIGHTS RESERVED. 이용 약관 개인정보 보호정책 Cookie Preference Center