Audit Collection Services Adds Cross-Platform Support

I first heard about Audit Collection Services (ACS) at TechEd in 2004. It was going to be a free download like WSUS. The idea was that it would be an intelligent alternative to SYSLOG for Microsoft platforms/applications, gathering security logs into a central database. Instead of gathering everything, it would gather the important alerts/events only.

Time went by and no beta appeared. Then ACS appeared as a feature in System Center Operations Manager 2007. OpsMgr 2007 evolved into OpsMgr 2007 R2, which added cross-platform support, i.e. Microsoft-written native agents and management packs for Linux and UNIX.

Microsoft has now added an extension to this cross-platform support to offer ACS to Linux and UNIX:

“System Center Operations Manager 2007 R2 Cross Platform Audit Collection Services enables the collection and audit of events from UNIX and Linux Servers. Using Cross Platform ACS, events are collected from the desired Unix/Linux servers and stored in the Audit Collections Services Database. Audit reports for UNIX/Linux Server collected events are included.

Feature Summary

Collection of Audit events from UNIX/Linux server, including:

  • AIX 5.3 (Power), 6.1 (Power)
  • HP-UX 11iv2 (IA64/PA-RISC), 11iv3 (IA64/PA-RISC)
  • Red Hat Enterprise Server 4 (x86/x64), 5 (x86/x64)
  • Solaris 8 (SPARC), 9 (SPARC), 10 (SPARC/x86)
  • SUSE Linux Enterprise Server 9 (x86), 10 (x86/x64), 11 (x86/x64)

Built in Audit Reports including:

  • Access violations – unsuccessful logon attempts
  • Account creation/deletion/password change
  • Administrator activity – su, sudo
  • Forensic – all events for a computer/event ID
  • User logons”