Viewing what ACS collector is a ACS forwarder sending to

Did you ever wonder how you can view using the OpsMgr console what collectors the ACS forwarders is configured to sent their security events to?
One way of accomplishing this is to create an attribute discovery in OpsMgr and let it create an attribute for you with the collectors name in it.

Open the OpsMgr 2007 console and go to the Authoring pane
Drill down to Management Pack Objects > Attributes

Right click and select “Create a New Attribute”

Specify a Name for the discovery keeping in mind that the name will displayed as a column heading in the OpsMgr console

Click Next

On the Choose a Discovery method screen
1. Discovery Type = Registry
2. Target – You need to choose the Agent target, doing this you will be told: “The attribute cannot be directly added to the selected type because it belongs to a Sealed Management Pack
In order to add the attribute successfully, we will create an extended version of the type which will be located in an unsealed Management Pack”

The target will be changed to “Agent_Extended”, you must change the Management Pack to a Custom management pack in use in your environment

Click Next

On the Choose a Discovery methog

Change the Key or Value Type to Value – you wanna get the name of the ACS collector configured for the agents

The path must be SOFTWARE\Policies\Microsoft\AdtAgent\Parameters\AdtServers

The Attribute Type must be string

Frequency can be anything, the default is 3600 seconds = 1 hour

Click on Finish

Now you will have to create a state view in the Monitoring Pane in the OpsMgr console to view this attribute.

I’m using this view to also enable auditing collection directly in that view hence the name of the state view

Here is the properties of the view, note the “Show data related to” field which is the extended agent class that was created

Next step is where you need to add the attribute by customizing the view, right click on the column headings of the newly create view and select “Personlize view”

In the Personalize View select the column that is the same as the name of the attribute discovery and tick the box

Click OK,

The view will now have a column that shows the ACS collector that the agent is forwarding the security events to.

Advertisements

3 thoughts on “Viewing what ACS collector is a ACS forwarder sending to

  1. Thanks a lot. This helped me out greatly.

  2. Thank you very much indeed.

  3. pleasure guys, glad to help

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s