SCOM2007: Audit Collection Services (ACS) Reports Installation and Configuration

  • Article

One question we seem to get around here a lot concerns the installation of ACS.  You put in the CD, you install Audit Collection Services and do everything the deployment guide tells you, but then in the console you can't find your Audit Reports.  What's the deal?  Well, there are a few more steps you'll need to be sure to complete in order to get these working and I've listed them below:

1. Create a "C:\TOOLS\AUDIT REPORTS\ACS" folder on the server that is hosting Audit Reporting.  In the next steps we'll refer to this server as <WhateverYourAuditReportingServerNameIs>. 

2. Copy uploadauditreports.cmd, the Models and Reports folders from the System Center
Operations Manager 2007 CD (located at ReportModels\ACS\) into the folder you just created.

3. Copy the reportingconfig.exe from the SCOM 2007 CD (under the Support Tools folder) to the same folder you created in step #1.

4. On the server, open a CMD prompt, change to the "c:\tools\audit reports\acs" directory and run the following command:

UploadAuditReports “" "<WhateverYourAuditReportingServerNameIs>"
“https://<WhateverYourAuditReportingServerNameIs>/reportserver" “c:\tools\audit reports\acs"

Click OK on any dialog you receive.  This creates a new data source called Db Audit, uploads the reporting models Audit.smdl and Audit5.smdl and uploads all reports in the ACS\REPORTS directory.

5. Open Internet Explorer and enter the following in the address bar:

https://<WhateverYourAuditReportingServerNameIs>/Reports

This opens the SQL Reporting Services’ Home page.

6. Click Audit Reports

7. Click Show Details (located in the upper right part of the screen).

8. Click on the Db Audit data source.

9. In the Connection string box, verify the text that starts with "data source =" reads:

data source=" "<WhateverYourAuditReportingServerNameIs>;initial
catalog=OperationsManagerAC;Integrated Security=SSPI

10. Under the Connect Using section, change from "Credentials are not required" to
"Windows Integrated Security" and click Apply.

11. On the top of the page, click Audit Reports to get back to the audit report
folder.

12. To test, log on and off of a couple of machines that you enabled audit collection on.  Then, back on the Operations Manager server, open https://<WhateverYourAuditReportingServerNameIs>/reports and under Audit Reports, click the Usage - User Logon report. This report displays logon activity of the specified user in the specified time period on computers that have audit collection enabled.

- J.C. Hornbeck