Did you ever wonder how you can view using the OpsMgr console what collectors the ACS forwarders is configured to sent their security events to?
One way of accomplishing this is to create an attribute discovery in OpsMgr and let it create an attribute for you with the collectors name in it.
Open the OpsMgr 2007 console and go to the Authoring pane
Drill down to Management Pack Objects > Attributes
Right click and select “Create a New Attribute”
Specify a Name for the discovery keeping in mind that the name will displayed as a column heading in the OpsMgr console
On the Choose a Discovery method screen
1. Discovery Type = Registry
2. Target – You need to choose the Agent target, doing this you will be told: “The attribute cannot be directly added to the selected type because it belongs to a Sealed Management Pack
In order to add the attribute successfully, we will create an extended version of the type which will be located in an unsealed Management Pack”
The target will be changed to “Agent_Extended”, you must change the Management Pack to a Custom management pack in use in your environment
On the Choose a Discovery methog
Change the Key or Value Type to Value – you wanna get the name of the ACS collector configured for the agents
The path must be SOFTWARE\Policies\Microsoft\AdtAgent\Parameters\AdtServers
The Attribute Type must be string
Frequency can be anything, the default is 3600 seconds = 1 hour
Click on Finish
Now you will have to create a state view in the Monitoring Pane in the OpsMgr console to view this attribute.
I’m using this view to also enable auditing collection directly in that view hence the name of the state view
Here is the properties of the view, note the “Show data related to” field which is the extended agent class that was created
Next step is where you need to add the attribute by customizing the view, right click on the column headings of the newly create view and select “Personlize view”
In the Personalize View select the column that is the same as the name of the attribute discovery and tick the box
The view will now have a column that shows the ACS collector that the agent is forwarding the security events to.