What functional level to get combined audit events?

All replies

• 

  

  0

  Sign in to vote

  Hi,

  Unfortunately, I didn't understand your question. However, events can be store in a centralized database in Operations Manager 2007.

  About Audit Collection Services (ACS) in Operations Manager 2007
  http://technet.microsoft.com/en-us/library/bb381373.aspx

  Collecting Security Events Using Audit Collection Services in Operations Manager
  http://technet.microsoft.com/en-us/library/hh212908.aspx

  ---

  Best Regards,
  
  Abhijit Waikar.
  MCSA 2003 | MCSA:Messaging | MCTS | MCITP:Server Administrator | Microsoft Community Contributor | My Blog
  
  Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

  • Proposed as answer by Sandesh Dubey Thursday, July 5, 2012 6:12 AM
  • Marked as answer by Miya Yao Tuesday, July 17, 2012 7:14 AM

  Thursday, July 5, 2012 6:02 AM
• 

  

  0

  Sign in to vote

  In addition to above if your goal is to collect log at central location refer below links.
  

  
  Quick and Dirty Large Scale Eventing for Windows 
  http://blogs.technet.com/b/wincat/archive/2008/08/11/quick-and-dirty-large-scale-eventing-for-windows.aspx 

  How to collect security logs using event forwarding? 
  http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/8434ffb3-1621-4bc5-8311-66d88b215886 

  Set up event subscriptions in Windows 2008 
  http://www.itexpertmag.com/server/set-up-event-subscriptions-in-windows-2008 

  Windows Server 2008 Event Subscription with Task Scheduling
  http://technet.microsoft.com/en-us/edge/Video/ff944915 

  Event Subscriptions 
  http://technet.microsoft.com/en-us/library/cc749183.aspx 

  Configure Computers to Forward and Collect Events 
  http://technet.microsoft.com/en-us/library/cc748890.aspx 
  
  Reference link:http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/f82d4872-601f-47c0-8c84-e2cac269fe00/
  
  Hope this helps
  

  ---

  Best Regards,
  
  Sandesh Dubey.
  
  MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Adminitrator | My Blog
  
  Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

  • Marked as answer by Miya Yao Tuesday, July 17, 2012 7:14 AM

  Thursday, July 5, 2012 6:15 AM
• 

  

  0

  Sign in to vote

  Hello,

  functional levels do not apply for event logs.

  If you like to collect all events on one DC you have to configure it yourself with Event subscriptions, see the already posted links how to configure it.

  ---

  Best regards

  Meinolf Weber
  MVP, MCP, MCTS
  Microsoft MVP - Directory Services
  My Blog: http://msmvps.com/blogs/mweber/

  Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

  Thursday, July 5, 2012 6:27 AM
• 

  

  0

  Sign in to vote

  There is no way to generate event of all the DC into the one DC. Each DC maintains its own event log for authentication or changes in the AD objects, instead you can capture the log using third party tools like Snare or from quest. Event subscription services are available from windows 2008 & above to configure & forward critical events to the particular mail using SMTP address.

  http://www.quest.com/intrust/

  http://sourceforge.net/projects/snare/

  ---

  Awinish Vishwakarma - MVP - Directory Services

  My Blog: awinish.wordpress.com

  Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.

  Thursday, July 5, 2012 1:14 PM