Cross Platform Audit Collection Services in System Center Operations Manager 2007 R2


 

Cross Platform ACS Architecture


 

How to Install Cross Platform ACS

1- Download System Center Operations Manager 2007 R2 Cross Platform Audit Collection Services

https://www.microsoft.com/en-us/download/details.aspx?id=1939

2- To install Cross Platform ACS

  1. Double-click the SCX.ACS.Setup.msi file.

  2. On the first page of the System Center Operations Manager Cross Platform ACS Setup Wizard, click Next.

  3. Accept the terms of service, and then click Next.

  4. Select Audit Data Time Zone, and then click Next.

  5. On the Ready page, click Install.

  6. On the ACS Audit Events page, click Next.

  7. Click Finish.



Download and Import the Cross Platform Audit Collection Services Management Packs

Cross Platform Audit Collection Services Management Packs for System Center Operations Manager 2007 R2

https://www.microsoft.com/en-us/download/details.aspx?displaylang=en&id=7302

 

After importing the Management Packs:

Enable the ACS Endpoint Discovery for Unix Computers

 

Discovery Name:  Discover Unix/Linux ACS Endpoint

 

By default, Cross Platform ACS AIX rules are not enabled. After importing the Cross Platform ACS AIX management pack, follow the steps in “Configure Syslog and Rules for Audit Edits” in “Audit Collection Services (ACS) Support for Cross Platform Operating Systems.”

 

How to Configure AIX Syslog

By default, the AIX platform does not log audit events. The logging configuration is controlled by the file located at /etc/syslog.conf.
Perform the following steps to enable logging of all event messages at the debug level or higher.

    To enable event logging on an AIX Computer

1.   Using an appropriate editor, modify the /etc/syslog.conf file to contain the following line:

*.info	/var/log/syslog.log	rotate size 1m files 10

where /var/log/syslog.log is the location and name of the Syslog file. The Syslog file is rotated when it becomes larger than 1 megabyte (MB) and the number of rotated files is limited to 10.

Note: Use the TAB key to separate priority, destination, and rotation parameters. Spaces do not work.

 

2.   At a command prompt, to refresh the computer’s configuration, enter # refresh -s syslogd.

3.   You will now need to enable the appropriate Cross Platform ACS AIX management pack rules as described in Enable ACS Rules.
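A lint for the TAB requirement in step 1, to run before refreshing syslogd. This is an added example, not part of the original page or of the Microsoft tooling; the function name check_syslog_conf and the sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original page): lint a syslog.conf for the
# TAB-separator rule. Returns 0 only if every active line is TAB-separated
# and at least one rule writes to the expected destination.
check_syslog_conf() {
    conf=$1   # path to the file to check, e.g. /etc/syslog.conf
    dest=$2   # expected destination, e.g. /var/log/syslog.log
    awk -v dest="$dest" '
        /^[ \t]*(#|$)/ { next }            # ignore comments and blank lines
        {
            n = split($0, f, "\t+")        # fields must be TAB-separated
            # A space left inside the selector or destination field means
            # spaces were typed where a TAB is required.
            if (n < 2 || f[1] ~ / / || f[2] ~ / /) {
                printf "line %d: space used as separator: %s\n", NR, $0
                bad = 1
                next
            }
            if (f[2] == dest) found = 1
        }
        END {
            if (!found) printf "no valid rule writes to %s\n", dest
            exit ((bad || !found) ? 1 : 0)
        }
    ' "$conf"
}

# Constructed sample: line 2 is correct, line 3 uses spaces and is flagged.
sample=${TMPDIR:-/tmp}/syslog.conf.sample.$$
printf '# constructed sample\n' > "$sample"
printf '*.info\t/var/log/syslog.log\trotate size 1m files 10\n' >> "$sample"
printf '*.info  /var/log/syslog.log     rotate size 1m files 10\n' >> "$sample"
check_syslog_conf "$sample" /var/log/syslog.log || echo "fix the lines reported above"
rm -f "$sample"
```

On the AIX computer, call check_syslog_conf /etc/syslog.conf /var/log/syslog.log; a non-zero return means the audit events the ACS rules depend on may never reach the Syslog file.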

To enable the rules:

 

In Console > Authoring, set the scope to AIX 5.3 ACS Endpoint and AIX 6.1 ACS Endpoint

 

Override > Enable all the AIX 5.3 and AIX 6.1 ACS Collection Rules (10 Rules per version)

 

AIX 5.3 Rule Name

Failed Console Login (AIX 5.3)
Invalid Console Login (AIX 5.3)
Successful su (AIX 5.3)
Failed su (AIX 5.3)
Successful sudo (AIX 5.3)
Failed sudo (AIX 5.3)
Invalid sudo (AIX 5.3)
Successful ssh login (AIX 5.3)
Failed ssh login (AIX 5.3)
Invalid ssh login (AIX 5.3)

 

 

AIX 6.1 Rule Name

Failed Console Login (AIX 6.1)
Invalid Console Login (AIX 6.1)
Successful su (AIX 6.1)
Failed su (AIX 6.1)
Successful sudo (AIX 6.1)
Failed sudo (AIX 6.1)
Invalid sudo (AIX 6.1)
Successful ssh login (AIX 6.1)
Failed ssh login (AIX 6.1)
Invalid ssh login (AIX 6.1)

 

 

 

Check Discovered Inventory (ACS Endpoint)


How to Install Cross Platform ACS Reporting

To install Cross Platform ACS Reports

  1. On the server that will be used to host ACS Reports, log on as a user that is an administrator of the Microsoft SQL Server 2005 Reporting Services (SRS) instance.

  2. At a Command Prompt window, change directories to the Cross Platform ACS Reports folder, for example C:\Program Files\System Center Operations Manager Cross Platform ACS.

  3. In the Cross Platform ACS Reports folder, run the following command.
    UploadCrossPlatformAuditReports "<AuditDBServer\Instance>" "<Reporting Server URL>" "<path of the copied ACS folder>"

    For example: UploadCrossPlatformAuditReports "myAuditDbServer\Instance1" "https://myReportServer/ReportServer$instance1" "C:\Program Files\System Center Operations Manager Cross Platform ACS"

    Note
    The reporting server URL needs the virtual directory of the reporting server (ReportingServer$<InstanceName>), instead of the reporting manager directory (Reports$<InstanceName>).

     

  4. Open Internet Explorer and enter the following address to view the SQL Server Reporting Services home page.

    https://<yourReportingServerName>/Reports$<InstanceName>