SCOM 2012 SP1 – Part 3: Audit Collection Services (ACS) Testing Cross Platform Logging

In part 1 and part 2 we installed ACS to collect Windows and Linux events. In part 3 I am going to show how the cross platform ACS works using a simple example.

In part 2 we had a close look at a specific rule called Delete User. I think this is a perfect example to see how the process runs.

First we create a user account, set a password for this account and delete this user afterwards. Sounds silly, but it is a good example to see what happens. Ok, let’s do it…


SCOM 2012 SP1 – Part 1: Audit Collection Services (ACS) Setup

SCOM 2012 SP1 has been released and I was wondering how the setup behaves and how the look and feel is going to be. Therefore, I decided to play around with Audit Collection Services and write a 4 part blog series about it. Cool, huh?

This 4 part series discusses in part 1 how to install the ACS collector and reporting. In part 2 we are going to set up the ACS configuration for cross platform, in our case SUSE Linux Enterprise Server 11.2, and also the cross platform reports. Part 3 is more of a “do I see what I expect to see” thing and part 4 is a collection of useful resources.

Part 1 – Basic ACS setup for Windows servers (forwarders) and reporting
Part 2 – ACS setup for Linux servers (forwarders) and cross platform reporting
Part 3 – Testing the cross platform event logging
Part 4 – ACS useful resources and tools

Before we can start we need to build a small environment consisting of 6 servers (!). Because I was somewhat limited in resources, the roles couldn’t be assigned as they should be in a production environment. The role assignment was as follows:

  • 2 SUSE Linux Enterprise Server 11.2
    • Linux01.bigfirm.com
    • Linux02.bigfirm.com
  • 1 SCOM 2012 SP1 management server
    • MS01.bigfirm.com
    • SQL Server 2012 SP1
    • SQL Server Reporting Services
  • 1 SCOM 2012 SP1 management server
    • MS02.bigfirm.com
  • 1 SCOM 2012 SP1 management server
    • ACS01.bigfirm.com
    • ACS role installed
  • 1 Windows Server 2012 domain controller
    • DC01.bigfirm.com

To better visualize the role assignment and topology I drew the scenario in Visio…

Scenario
