立即与支持人员聊天
与支持团队交流

InTrust 11.5.1 - Preparing for Gathering Audit Collection Services Data

Audit Collection Services Auditing Overview

Microsoft System Center Operations Manager (Operations Manager) is used in many organizations to facilitate monitoring of Windows-based networks in real time. Audit Collection Services (ACS) is the part of Operations Manager that collects event records generated by an audit policy on a Windows-based computer and stores them in a centralized SQL Server database for further analysis and reporting. This capability helps to collect and consolidate security events from DCs, as long as large volumes of data are generated by audit policies on these computers.

When integrated with Operations Manager, InTrust brings new, powerful means of automating and streamlining your auditing workflow:

  • Long-term data storage, archival, and backup. With InTrust, you can use file-based or Centera-based repositories to store audit data in a compressed form for any period of time; extract events from the repository and restore them in the original format if required; import events to the database for reporting when needed. These features help organizations comply with external regulations and internal policies.
  • Consolidation of audit trails from across your enterprise-wide network. InTrust extends the consolidation capabilities of native Windows auditing tools, providing for consolidation of data from variety of platforms and applications. This allows for comprehensive analysis of your network operations and health.
  • Quest expertise in security events analysis. InTrust and Operations Manager integration will provide you with reports on security data, helping you with in-depth analysis of valuable information collected throughout the network.

To integrate InTrust with Operations Manager, use the Knowledge Pack for Microsoft Audit Collection Services that comes with InTrust.

Software Compatibility

The InTrust Knowledge Pack for Microsoft Audit Collection Services supports only ACS 2007.

How Integration Works

Typical InTrust-Operations Manager integration scheme is explained in this section. Inter-operation of the components takes place as follows:

  1. Audit Collection Services (ACS) of Operations Manager collects event records generated by an audit policy on Windows-based computers and stores them in a centralized SQL Server database (ACS database).
  2. The InTrust component (ACSLogsCollector) obtains these event records and enriches them with the information required to comply with InTrust Audit DB format (Computer Type, time zone parameters, and Windows build number). For details, see the Pre-Processing Data topic.
  3. The pre-processed event data is ready for the typical InTrust workflow, including automated gathering, storage to repository and/or database, and reporting.

This workflow can be implemented with InTrust agents (Scenario 1) or without InTrust agents (Scenario 2).

Scenario 1

An agent communicates with the ACS database and with the Operations Manager server to pre-process event records and execute InTrust gathering jobs.

Caution: If you plan to deploy an InTrust agent on a dedicated computer, then Operations Manager console must be installed on the computer hosting the InTrust agent. (This component provides the Operations Manager API SDK required for interaction between Operation Manager and InTrust.) Make sure that target computer is running the same version of the Operations Manager console as your Operations Manager server.

Scenario 2

If so, an InTrust server will communicate with Operations Manager server and the ACS database; it will also pre-process event records and execute gathering jobs. Note, however, that server load will significantly increase if data is gathered without agents.

Caution: If you plan to collect data without using InTrust agents, then the Operations Manager console must be installed on the computer hosting the InTrust server. Make sure this console is of the same version as the Operations Manager console running on the Operations Manager server.

自助服务工具
知识库
通知和警报
产品支持
下载软件
技术说明文件
用户论坛
视频教程
RSS订阅源
联系我们
获得许可 帮助
技术支持
查看全部
相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级