Deployment steps
Step 1 How to Install an ACS Collector and Database
The TechNet deployment guide you can find here:
How to Install an Audit Collection Services (ACS) Collector and Database
http://technet.microsoft.com/en-us/library/hh284670.aspx
http://technet.microsoft.com/en-us/library/hh284670.aspx
The following steps describe how to install the ACS Collector and database on the computer that is designated as your ACS collector.
On the Operations Manager installation media, run Setup.exe , and then click Audit collection services :
On the Welcome page, click Next :
On the License Agreement page, read the licensing terms, click I accept the agreement :
On the Database Installation Options page, click Create a new database , and then click Next :
On the Data Source page, in the Data source name box, type a name that you want to use as the Open Database Connectivity (ODBC) data source name for your ACS database. By default, this name is OpsMgrAC :
On the Database page, if the database is on a separate server than the ACS collector, click Remote Database Server and change or leave the database name OperationsManagerAC :
On the Database Authentication page, select one of the authentication methods. If the ACS collector and the ACS database are members of the same domain, you can select Windows authentication , otherwise select SQL authentication :
On the Database Creation Options page, click Use SQL Server's default data and log file directories to use SQL Server's default folders, otherwise, click Specify directories :
On the Event Retention Schedule page, click Local hour of day to perform daily database maintenance, and in Number of days to retain events box type the number of days ACS should keep :
On the ACS Stored Timestamp Format page, choose Local or Universal Coordinated Time , formerly known to as Greenwich Mean Time :
Check if the summary is correct:
And install the collector:
Choose the server to login to SQL:
Let the wizard finish:
Click Finish when ready:
Check if the database is installed:
The collector is deployed now and the AdtServer Service is started:
Now we can enable the ACS Forwarders.
Step 2 How to Enable ACS Forwarders
The TechNet deployment guide you can find here:
How to Enable Audit Collection Services (ACS) Forwarders
http://technet.microsoft.com//library/hh272397.aspx
http://technet.microsoft.com//library/hh272397.aspx
The following steps describe how enable the ACS forwarders.
In the Operations console, click Monitoring, Operations Manager , expand Agent Details , and then click Agent Health State :
In the details pane, click all agents that you want to enable as ACS forwarders. You can make multiple selections by pressing CTRL or SHIFT, and in the Actions pane, under Health Service Tasks , click Enable Audit Collection to open the Run Task - Enable Audit Collection dialog box:
Set task credentials or override for collector server if needed:
Run the Task:
And wait until success:
See if the AdtAgent services is started on the agent:
It is forwarding the security events now.
Step 3 How to Deploy ACS Reporting
The TechNet deployment guide you can find here:
How to Deploy ACS Reporting
http://technet.microsoft.com/en-us/library/hh299397.aspx
http://technet.microsoft.com/en-us/library/hh299397.aspx
The following steps describe how to install the ACS Collector and database.
On the server that will be used to host ACS reporting create a (temp) folder C:\ACS:
On your installation media, go to \ReportModels :
acs and copy the directory contents to the temporary installation folder:
On your installation media, go to \SupportTools :
and copy the file ReportingConfig.exe into the temporary acs folder if not already there:
Open a Command Prompt window by using the Run as Administrator option, and then change directories to the temporary acs folder:
Run the following command:
UploadAuditReports “<AuditDBServer\Instance>” “<Reporting Server URL>” “<path of the copied acs folder>”
For example:
UploadAuditReports “myAuditDbServer\Instance1” “http://myReportServer/ReportServer$instance1” “C:\acs”
In my case:
UploadAuditReports OR-OM12-1 http://OR-OM12-1/ReportServer C:\ACS
This example creates a new data source called Db Audit , uploads the reporting models Audit.smdl and Audit5.smdl , and uploads all reports in the acs\reports directory :
Open Internet Explorer and enter the following address to view the SQL Reporting Services Home page. http://<yourReportingServerName>/Reports_<InstanceName>
In my case:
Click Audit Reports in the body of the page and then click Details View in the upper right part of the page:
Go to Audit Reports:
And choose Manage for the Db Audit data source :
In the Connect Using section, select Windows Integrated Security and click Apply:
Check if the Audit Reports are in the console:
And see if the reports work :
Now you can start configuring ACS using AdtAdmin.exe, see: