This article is a step by step tutorial how to deploy the SCOM 2012 Audit Collection Service (ACS).

The deployment has 3 parts:

  1. How to Install an ACS Collector and Database
  2. How to Enable ACS Forwarders
  3. How to Deploy ACS Reporting

Audit Collection Service (ACS) is used to collect records generated by an audit policy and store them in a centralized database. Using ACS, organizations can consolidate individual Security logs into a centrally managed database and can filter and analyze events using the data analysis and reporting tools provided.



You could deploy the Audit Collection Service (ACS) feature to collect Security logs. It is not possible by design to collect other logs events than Security. But you could trick the system by duplicating your Application/System events into the Security log with this software: Progel Security Log Gateway.

ACS feature involves specific components :

  • ACS Agent called Forwarder, a service running on a SCOM agent
  • ACS Collector, a Management Server used to gather events sent by ACS agents
  • ACS Database, a SQL Database storing the events