Audit Collection Services Administration (AdtAdmin.exe)
Updated: May 13, 2016
Applies To: System Center 2012 R2 Operations Manager, System Center 2012 - Operations Manager, System Center 2012 SP1 - Operations Manager
The primary tool for managing Audit Collection Services (ACS) in System Center 2012 – Operations Manager is a command-line tool, AdtAdmin.exe, which is run locally on an ACS collector. You can use AdtAdmin to view current configurations and change the default configurations that apply to the ACS collector and ACS forwarders. AdtAdmin also allows you to apply filters that limit the events that are stored in the ACS database. These filters are formatted as Windows Management Instrumentation (WMI) Query Language (WQL) queries. (WQL is a subset of the American National Standards Institute Structured Query Language (ANSI SQL) with minor semantic changes to support WMI.)
AdtAdmin Syntax
AdtAdmin has 12 parameters, each of which has a few to several subparameters. The general syntax of AdtAdmin is as follows:
AdtAdmin.exe /<Parameter> [/<Subparameter>:<Value>]
The following table lists each parameter of AdtAdmin along with a description. For more information about the syntax of a specific parameter, click the name of the parameter in the table to link to the topic that describes it.
|
Parameter |
Description |
||
|---|---|---|---|
|
Creates a group on an ACS collector. Groups are used to organize ACS forwarders. |
|||
|
Deletes a previously created group on an ACS collector. |
|||
|
Disconnects an ACS forwarder or group of forwarders from an ACS collector. |
|||
|
Displays the authentication method used by the ACS collector to connect to the ACS database. |
|||
|
Displays the WQL queries currently in use on an ACS collector. WQL queries are used to filter events before they are saved to the ACS database. |
|||
|
Displays the name and some statistical information on the ACS forwarders that are connected to an ACS collector. |
|||
|
Displays the groups that are present on an ACS collector. |
|||
|
Specifies which authentication method the ACS collector uses to connect to the ACS database. Windows Authentication and SQL authentication are the available authentication methods. |
|||
|
Defines a WQL query that the ACS collector uses to filter the audit event data. |
|||
|
Displays statistical information about the ACS forwarders that are connected to an ACS collector. |
|||
|
Allows you to change the name and the value of an ACS forwarder and also to change the group to which an ACS forwarder belongs |
|||
|
Allows you to rename a group. |
Common Subparameters
Each AdtAdmin parameter has from a few to several subparameters. The subparameters allow you to apply a command to a specific ACS collector, a specific ACS forwarder, or group of forwarders and are the same for most AdtAdmin parameters. The subparameters, defined in the following table, can be used with an AdtAdmin parameter unless otherwise noted.
|
Subparameter |
Description |
|
|---|---|---|
|
/Collector:CollectorName |
Specifies an ACS collector to run a command against. If this subparameter is omitted, the local ACS collector is assumed. |
|
|
/Forwarder:Name |
Specifies an ACS forwarder by its computer name. |
|
|
/ForwarderID:ForwarderIDNumber |
Specifies an ACS forwarder by its identification number. An identification number is assigned to an ACS forwarder when it first connects to the ACS collector. |
|
|
/ForwarderSID:SID |
Specifies an ACS forwarder by its computer security identification number (SID). |
|
|
/Group:GroupName |
Specifies a group of ACS forwarders by the group’s name. |
|
|
/GroupID: IdentificationNumber |
Specifies a group of ACS forwarders by the group’s identification number. An identification number is assigned to a group when it is first created. |
|
|
/Value:ValueNumber |
Specifies an ACS forwarder or ACS group by its assigned connection value. The ACS collector prioritizes connections from ACS forwarders using connection values that range from -1 through 99. A -1 value means the forwarder is part of an ACS group and that the group's value is used to determine the forwarder's priority. A 0 value means the ACS collector ignores data from that ACS forwarder or group. If event saturation is detected, a collector disconnects forwarders or a group of forwarders with lower values before disconnecting forwarders with higher values. |
|
See Also
Collecting Security Events Using Audit Collection Services in Operations Manager
How to Configure Certficates for ACS Collector and Forwarder
Audit Collection Services Capacity Planning
Audit Collection Services Performance Counters
How to Enable Audit Collection Services (ACS) Forwarders
Audit Collection Services Security
How to Filter ACS Events for UNIX and Linux Computers
Monitoring Audit Collection Services Performance
How to Remove Audit Collection Services (ACS)
Audit Collection Services Security