Поделиться через


Nové standardní reporty ACS ve SCOM 2007 R2

Overoval jsem funkcnost reportu ACS, které jsou dodány s novým vydáním SCOM 2007 R2 (nyní je dostupná zkušební verze) v prostredí SCOM 2007 SP1 – tedy v predchozí verzi. První zjištení jsou uvedena zde. Definicní soubory reportu (formát RDL) jsem z distribucního média importoval pomocí Report Manageru, to znamená v Internet Exploreru (/Reports">https://<jmenoServeru>/Reports).

  1. sada obsahuje pet nových reportu, pouze tyto jsem vyzkoušel,
  2. reporty je možné spouštet jak z Report Manageru …
  3. imagetak z prostredí konzoly System Center Operations Manageru …

image

image

Pro vlastní reporty využijeme jako inspiraci dotazy, které jsou casto i dost složité:

.......................................... .     Access_Violation_-_Account_Locked .......................................... SELECT CreationTime AS DateTime, TargetDomain AS Domain, TargetUser AS UserAccount FROM  AdtServer.dvAll WHERE (EventId = 539 OR EventId = 644 OR EventId = 4740 OR EventId = 6279) AND (CreationTime >= @StartDate) AND (CreationTime <= @EndDate) .......................................... .     Policy_-_Account_Policy_Changed .......................................... SELECT CreationTime AS DateTime, String01 AS ChangeType, PrimaryDomain AS TargetDomain, CASE WHEN String05 != '-' THEN 'Min. Password Age - ' + String05 + ';' ELSE '' END + CASE WHEN String06 != '-' THEN 'Max. Password Age - ' + String06 + ';' ELSE '' END + CASE WHEN String07 != '-' THEN 'Force Logoff - ' + String07 + ';' ELSE '' END + CASE WHEN String08 != '-' THEN 'Lockout Threshold - ' + String08 + ';' ELSE '' END + CASE WHEN String09 != '-' THEN 'Lockout Observation Window - ' + String09 + ';' ELSE '' END + CASE WHEN String10 != '-' THEN 'Lockout Duration - ' + String10 + ';' ELSE '' END + CASE WHEN String11 != '-' THEN 'Password Properties - ' + String11 + ';' ELSE '' END + CASE WHEN  String12 != '-' THEN 'Min. Password Length - ' + String12 + ';' ELSE '' END + CASE WHEN String13 != '-' THEN 'Password History Length - ' + String13 + ';' ELSE '' END + CASE WHEN String14 != '-' THEN 'Machine Account Quota - ' + String14 + ';' ELSE '' END + CASE WHEN String15 != '-' THEN 'Mixed Domain Mode - ' + String15 + ';' ELSE '' END + CASE WHEN String16 != '-' THEN 'Domain Behavior Version - ' + String16 + ';' ELSE '' END AS ChangedAttribute FROM  AdtServer.dvAll WHERE (EventId = 643 OR EventId = 4739) AND (CreationTime >= @StartDate) AND (CreationTime <= @EndDate) .......................................... .     Policy_-_Audit_Policy_Changed .......................................... SELECT CreationTime AS DateTime, ClientDomain AS Domain, ClientUser AS UserAccount, String01 + 'Logon/Logoff, ' + String02 + 'Object Access, ' + String03 + 'Privilege Use, ' + String04 + 'Account Management, ' + String05 + 'Policy Change, ' + String06 + 'System, ' + String07 + 'Detailed Tracking, ' + String08 + 'Directory Access, ' + String09 + 'Account Logon, ' AS PolicyChange FROM  AdtServer.dvAll WHERE (EventId = 612) AND (CreationTime >= @StartDate) AND (CreationTime <= @EndDate) UNION SELECT CreationTime AS DateTime, PrimaryDomain AS Domain, PrimaryUser AS UserAccount, 'Category = ' + String01 + '; Subcategory = ' + String02 + ';Change = ' + String04 AS PolicyChange FROM  AdtServer.dvAll AS dvAll_1 WHERE (EventId = 4719) AND (CreationTime >= @StartDate) AND (CreationTime <= @EndDate) .......................................... .     Policy_-_Object_Permissions_Changed ..........................................      SELECT CreationTime AS DateTime, EventMachine AS Computer, PrimaryDomain + '\' + PrimaryUser AS ChangingUser, String02 AS ObjectType, String03 AS ObjectName, String05 AS OldACL, String06 AS NewACL, String08 AS ChangingProcess FROM   AdtServer.dvAll WHERE  (EventId = 4670) AND (CreationTime >= @StartDate) AND (CreationTime <= @EndDate) .......................................... .     Policy_-_Privilege_Added_Or_Removed .......................................... SELECT CreationTime AS DateTime, TargetDomain AS Domain, TargetUser AS UserAccount, String01 AS Privilege, EventMachine AS Computer, CASE WHEN EventId = 608 THEN 'GRANT' WHEN EventId = 621 THEN 'GRANT' WHEN EventId = 609 THEN 'REMOVE' WHEN EventId = 622 THEN 'REMOVE' END AS Operation FROM  AdtServer.dvAll WHERE (EventId = 608 OR EventId = 609 OR EventId = 621 OR EventId = 622) AND (CreationTime >= @StartDate) AND (CreationTime <= @EndDate) UNION SELECT CreationTime AS DateTime, PrimaryDomain AS Domain, TargetUser AS UserAccount, String01 AS Privilege, EventMachine AS Computer, CASE WHEN EventId = 4704 THEN 'GRANT' WHEN EventId = 4705 THEN 'REMOVE' END AS Operation FROM   AdtServer.dvAll AS dvAll_1 WHERE  (EventId = 4704 OR EventId = 4705) AND (CreationTime >= @StartDate) AND (CreationTime <= @EndDate)

Krátce po uvedení plné finální verze (1. cervence) budou v druhé polovine roku 2009 k dispozici reporty ACS i pro systémy Linux a Unix. Bližší informace a podrobnosti uvádí na blogu System Center Operations Manager Joseph Chan - zde.

Ve výše uvedeném príspevku je k dispozici také pracovní verze kompletní sady nových reportu, které nyní podporují aktuální verze Windows (od verze 2000 až po 2008 R2 a Windows 7) a jsou cástecne prepsány pro lepší výkon. Výstupy mají normalizovaná pole pro ruzné operacní systémy, takže data jsou prezentována v jednom spolecném formátu (sada reportu, zip).

Znacky Technorati: SCOM 2007,Audit Collection System,Report