I first heard about Audit Collection Services (ACS) at TechEd in 2004. It was going to be a free download like WSUS. The idea was that it would be an intelligent alternative to SYSLOG for Microsoft platforms and applications, gathering security logs into a central database. Instead of gathering everything, it would gather only the important alerts and events.
Time went by and no beta appeared. Then ACS appeared as a feature in System Center Operations Manager 2007. OpsMgr 2007 evolved into OpsMgr 2007 R2, which added cross-platform support, i.e. Microsoft-written native agents and management packs for Linux and UNIX.
Microsoft has now added an extension to this cross platform support to offer ACS to Linux and UNIX:
“System Center Operations Manager 2007 R2 Cross Platform Audit Collection Services enables the collection and audit of events from UNIX and Linux Servers. Using Cross Platform ACS, events are collected from the desired Unix/Linux servers and stored in the Audit Collections Services Database. Audit reports for UNIX/Linux Server collected events are included.
Collection of Audit events from UNIX/Linux servers, including:
- AIX 5.3 (Power), 6.1 (Power)
- HP-UX 11iv2 (IA64/PA-RISC), 11iv3 (IA64/PA-RISC)
- Red Hat Enterprise Server 4 (x86/x64), 5 (x86/x64)
- Solaris 8 (SPARC), 9 (SPARC), 10 (SPARC/x86)
- SUSE Linux Enterprise Server 9 (x86), 10 (x86/x64), 11 (x86/x64)
Built in Audit Reports including:
- Access violations – unsuccessful logon attempts
- Account creation/deletion/password change
- Administrator activity – su, sudo
- Forensic – all events for a computer/event ID
- User logons”
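To make the "collect only the important events" idea concrete, here is an added example (not Microsoft's or Aidan's code, and not how the ACS agents themselves work) that reads constructed syslog lines from two hypothetical hosts, keeps every event for the per-computer forensic view, and forwards only those that fall into the four event-specific report categories quoted above.

```python
import re
from collections import defaultdict
# Constructed sample syslog lines (not real captures) from two hypothetical hosts.
SAMPLE_LOG = """\
Mar  3 09:12:01 web01 sshd[2210]: Failed password for root from 192.0.2.10 port 51022 ssh2
Mar  3 09:12:07 web01 sshd[2210]: Failed password for root from 192.0.2.10 port 51023 ssh2
Mar  3 09:12:30 web01 sshd[2215]: Accepted publickey for alice from 198.51.100.7 port 40110 ssh2
Mar  3 09:13:02 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/tail /var/log/secure
Mar  3 09:13:40 web01 su: pam_unix(su:session): session opened for user root by alice(uid=1001)
Mar  3 09:14:11 db01 useradd[3301]: new user: name=svc_backup, UID=1010, GID=1010, home=/home/svc_backup, shell=/bin/bash
Mar  3 09:14:12 db01 passwd[3305]: pam_unix(passwd:chauthtok): password changed for svc_backup
Mar  3 09:15:00 db01 userdel[3310]: delete user 'olduser'
Mar  3 09:15:30 db01 cron[3400]: (root) CMD (run-parts /etc/cron.hourly)
"""
# "Mon DD HH:MM:SS host program[pid]: message"; the [pid] is optional (sudo and su omit it).
LINE_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
                     r"(?P<prog>[\w./-]+)(?:\[\d+\])?:\s*(?P<msg>.*)$")
# Report name -> predicate on (program, message); first match wins; unmatched lines are noise.
REPORT_RULES = [
    ("Access violations", lambda p, m: p == "sshd" and m.startswith("Failed password")),
    ("Account creation/deletion/password change",
     lambda p, m: p in ("useradd", "userdel") or (p == "passwd" and "password changed" in m)),
    ("Administrator activity", lambda p, m: p in ("su", "sudo")),
    ("User logons", lambda p, m: p == "sshd" and m.startswith("Accepted")),
]
def parse(line):
    """Split one syslog line into ts/host/prog/msg, or return None if it does not fit."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None

def classify(event):
    """Return the ACS report an event belongs to, or None if no rule is interested."""
    for report, matches in REPORT_RULES:
        if matches(event["prog"], event["msg"]):
            return report
    return None

def build_reports(text):
    """Return (reports, forensic): matched events by report name, and every event per host."""
    reports, forensic = defaultdict(list), defaultdict(list)
    for line in text.splitlines():
        event = parse(line)
        if event is None:
            continue
        forensic[event["host"]].append(event)
        report = classify(event)
        if report is not None:
            reports[report].append(event)
    return dict(reports), dict(forensic)
```

Running `build_reports(SAMPLE_LOG)` keeps all nine events in the forensic view but forwards only eight; the routine cron entry matches no report and is dropped, which is the filtering the post describes.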
This blog post is the property of Aidan Finn (@joe_elway / http://www.aidanfinn.com) and may not be reused in any manner without prior consent of Aidan Finn. You may quote one paragraph from this blog post if you link to the original blog post.