{"id":9112,"date":"2008-07-03T10:34:00","date_gmt":"1999-11-29T20:00:00","guid":{"rendered":"https:\/\/aidanfinn.com\/?p=9112"},"modified":"2008-07-03T10:34:00","modified_gmt":"1999-11-29T20:00:00","slug":"audit-collection-database-and-disk-sizing-calculator-for-scom-2007","status":"publish","type":"post","link":"https:\/\/aidanfinn.com\/?p=9112","title":{"rendered":"Audit Collection Database and Disk Sizing Calculator for SCOM 2007"},"content":{"rendered":"<p>I went to TechEd for the first time in Amsterdam in 2004.\u00a0 One of the cool things I heard about was a product in the works called Audit Collection Services.\u00a0 This was going to be a free download from Microsoft (like WSUS) that would be an intelligent version of Syslog for Microsoft products.\u00a0 Intelligent?\u00a0 Have a look at the security logs on a Windows box when auditing is enabled and tell me if you can figure things out.\u00a0 MS&#8217;s developers identified the important messages that allowed you to track those events and would gather them into a dedicated and centralised SQL database in near real time.<\/p>\n<p>We waited and waited but nothing got released.\u00a0 Nobody was talking.\u00a0 Then the news came out: it was going to be in the next version of Microsoft Operations Manger (we were still at MOM 2005 at the time) and not a free download.\u00a0 I first got to play with Systems Center Operations Manager 2007 while it was in beta back in 2006.\u00a0 <a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/bb381258.aspx\">ACS<\/a> was one of the components I was most interested in.\u00a0 I listened to a MS webcast and immediately got scared.\u00a0 They had no way to calculate how big the database for ACS would be.\u00a0 It&#8217;s still a dedicated database, allowing auditors and security officers to have sole access.<\/p>\n<p>Think about this for a moment.\u00a0 Every network is different.\u00a0 Some networks have normal amounts of user activity.\u00a0 Some more and some less.\u00a0 Some networks are Internet facing and are attacked a lot and some are quietly isolated.\u00a0 There was no real way to calculate the disk requirements without significant empirical data.\u00a0 All MS could say was that they used <em>terabytes<\/em> of disk every month, 8 I think (I could be wrong with that number &#8211; it was 2 years ago).<\/p>\n<p>I&#8217;ve just <a title=\"read \" href=\"http:\/\/blogs.technet.com\/momteam\/archive\/2008\/07\/02\/audit-collection-acs-database-and-disk-sizing-calculator-for-opsmgr-2007.aspx\">read <\/a>that a SCOM MVP called <a href=\"http:\/\/www.it-jedi.net\/\">Pete Zerger<\/a> has built a <a href=\"http:\/\/blogs.technet.com\/momteam\/attachment\/3082512.ashx\">ACS requirements calculator<\/a> using guesstimates.\u00a0 According to the MOM Team blog, it looks pretty accurate compared to customer data that they are familiar with.<\/p>\n<p>ACS is a really cool tool.\u00a0 If you&#8217;re using SCOM 2005 and need some sort of security central logging or auditing solution then it just makes so much sense to enable it.\u00a0 Have a read about <a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/bb381258.aspx\">Audit Collection Services<\/a> and see what you think.<\/p>\n<p><em>Credit:<\/em> <em><a href=\"http:\/\/www.it-jedi.net\/\">Pete Zerger<\/a>.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>I went to TechEd for the first time in Amsterdam in 2004.\u00a0 One of the cool things I heard about was a product in the works called Audit Collection Services.\u00a0 This was going to be a free download from Microsoft (like WSUS) that would be an intelligent version of Syslog for Microsoft products.\u00a0 Intelligent?\u00a0 Have &hellip; <a href=\"https:\/\/aidanfinn.com\/?p=9112\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Audit Collection Database and Disk Sizing Calculator for SCOM 2007&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[35],"tags":[],"class_list":["post-9112","post","type-post","status-publish","format-standard","hentry","category-scom-2007"],"aioseo_notices":[],"jetpack_featured_media_url":"","amp_enabled":true,"_links":{"self":[{"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/posts\/9112","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=9112"}],"version-history":[{"count":0,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/posts\/9112\/revisions"}],"wp:attachment":[{"href":"https:\/\/aidanfinn.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=9112"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=9112"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=9112"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}