Audit Collection Services Administration (AdtAdmin.exe)

 

Applies to: System Center 2012 R2 Operations Manager, System Center 2012 - Operations Manager, System Center 2012 SP1 - Operations Manager

The primary tool for managing Audit Collection Services (ACS) in System Center 2012 – Operations Manager is the command-line tool AdtAdmin.exe, which runs locally on an ACS collector. You can use AdtAdmin to view the current configuration and to change the default configuration that applies to the ACS collector and to ACS forwarders. AdtAdmin also lets you apply filters that limit which events are stored in the ACS database. These filters are written as Windows Management Instrumentation (WMI) Query Language (WQL) queries. (WQL is a subset of the American National Standards Institute Structured Query Language (ANSI SQL) with minor semantic changes to support WMI.)

AdtAdmin Syntax

AdtAdmin has 12 parameters, each of which has a few to several subparameters. The general syntax of AdtAdmin is:

AdtAdmin.exe /<Parameter> [/<Subparameter>:<Value>]

The following table lists each AdtAdmin parameter with a description. For the syntax of a specific parameter, see the topic that describes that parameter.

Parameter                      Description
AdtAdmin.exe /AddGroup         Creates a group on an ACS collector. Groups are used to organize ACS forwarders.
AdtAdmin.exe /DelGroup         Deletes a previously created group on an ACS collector.
AdtAdmin.exe /Disconnect       Disconnects an ACS forwarder or a group of forwarders from an ACS collector.
AdtAdmin.exe /GetDBAuth        Displays the authentication method the ACS collector uses to connect to the ACS database.
AdtAdmin.exe /GetQuery         Displays the WQL queries currently in use on an ACS collector. WQL queries filter events before they are saved to the ACS database.
AdtAdmin.exe /ListForwarders   Displays the name of, and some statistics for, the ACS forwarders connected to an ACS collector.
AdtAdmin.exe /ListGroups       Displays the groups that exist on an ACS collector.
AdtAdmin.exe /SetDBAuth        Specifies which authentication method the ACS collector uses to connect to the ACS database. Windows authentication and SQL authentication are the available methods.
AdtAdmin.exe /SetQuery         Defines the WQL query that the ACS collector uses to filter audit event data.
AdtAdmin.exe /Stats            Displays statistics about the ACS forwarders connected to an ACS collector.
AdtAdmin.exe /UpdForwarder     Changes the name and the connection value of an ACS forwarder, and moves an ACS forwarder to a different group.
AdtAdmin.exe /UpdGroup         Renames a group.

Common Subparameters

Each AdtAdmin parameter has from a few to several subparameters. The subparameters let you apply a command to a specific ACS collector, a specific ACS forwarder, or a group of forwarders, and they are the same for most AdtAdmin parameters. Unless otherwise noted, the subparameters in the following table can be used with any AdtAdmin parameter.

Subparameter                          Description
/Collector:CollectorName              Specifies the ACS collector to run the command against. If this subparameter is omitted, the local ACS collector is assumed.
/Forwarder:Name                       Specifies an ACS forwarder by its computer name.
/ForwarderID:ForwarderIDNumber        Specifies an ACS forwarder by its identification number. An identification number is assigned to an ACS forwarder when it first connects to the ACS collector.
/ForwarderSID:SID                     Specifies an ACS forwarder by its computer security identifier (SID).
/Group:GroupName                      Specifies a group of ACS forwarders by the group's name.
/GroupID:IdentificationNumber         Specifies a group of ACS forwarders by the group's identification number. An identification number is assigned to a group when it is first created.
/Value:ValueNumber                    Specifies an ACS forwarder or ACS group by its assigned connection value. The ACS collector prioritizes forwarder connections using connection values from -1 through 99. A value of -1 means the forwarder belongs to an ACS group and the group's value determines the forwarder's priority. A value of 0 means the ACS collector ignores data from that forwarder or group. If event saturation is detected, the collector disconnects forwarders or groups with lower values before disconnecting forwarders with higher values, so the forwarders whose audit stream you can least afford to lose (domain controllers, for example) should carry the highest values.
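The following PowerShell script is an added example, not code from the original page or from Microsoft; it ties together the parameters and subparameters above into the sequence an ACS administrator typically runs on a collector: check how the collector authenticates to the ACS database, record and then replace the WQL storage filter, and give the domain-controller forwarders the highest connection value so they survive saturation. Several details are assumptions that the page does not state: that AdtAdmin.exe is installed under %SystemRoot%\System32\Security\AdtServer, that /SetQuery takes a /Query: subparameter, that /SetDBAuth accepts /Windows, that /AddGroup and /UpdForwarder accept /Group: and /Value:, that the ACS event table is named AdtsEvent with an EventId column, and that the text printed by /GetDBAuth contains the word SQL when SQL authentication is configured. The forwarder names DC01 and DC02 and the event IDs in the filter are constructed placeholders.

```powershell
# Added example: drive AdtAdmin.exe from PowerShell on an ACS collector.
# Assumed (not from the page): install path, the /Query:, /Windows, /Group: and /Value:
# subparameters, the AdtsEvent/EventId schema, and the wording of /GetDBAuth output.
# Run in an elevated prompt on the collector itself.

$AdtAdmin = Join-Path $env:SystemRoot 'System32\Security\AdtServer\AdtAdmin.exe'   # assumed path
if (-not (Test-Path $AdtAdmin)) {
    throw "AdtAdmin.exe not found at $AdtAdmin; run this on the ACS collector."
}

function Invoke-AdtAdmin {
    param([Parameter(Mandatory)][string[]]$Arguments)
    # Capture stdout and stderr together and fail closed on a non-zero exit code,
    # so a rejected filter or a typo in a subparameter never passes silently.
    $output = & $AdtAdmin @Arguments 2>&1
    if ($LASTEXITCODE -ne 0) {
        throw "AdtAdmin.exe $($Arguments -join ' ') failed with exit code $LASTEXITCODE`n$output"
    }
    return ($output | Out-String)
}

$Collector = $env:COMPUTERNAME

# 1. Collector-to-database authentication. Windows authentication keeps a SQL login and
#    password out of the collector's configuration; flag SQL authentication if it is in use.
#    (Matching on the word 'SQL' in the output is an assumption about the output format.)
$dbAuth = Invoke-AdtAdmin @('/GetDBAuth', "/Collector:$Collector")
Write-Host "DB authentication:`n$dbAuth"
if ($dbAuth -match 'SQL') {
    Write-Warning 'Collector uses SQL authentication; switching to Windows authentication.'
    Invoke-AdtAdmin @('/SetDBAuth', "/Collector:$Collector", '/Windows') | Out-Null
}

# 2. Storage filter. Anything the WQL query excludes never reaches the ACS database, so the
#    query is itself an audit-integrity control: save the old query before replacing it.
$before = Invoke-AdtAdmin @('/GetQuery', "/Collector:$Collector")
$stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
$before | Set-Content -Path (Join-Path $env:ProgramData "AcsFilter-before-$stamp.txt")

# Exclude two placeholder event IDs (constructed for this example) and keep everything else.
$filter = 'SELECT * FROM AdtsEvent WHERE NOT (EventId=538 OR EventId=566)'
Invoke-AdtAdmin @('/SetQuery', "/Collector:$Collector", "/Query:$filter") | Out-Null

# Read the query back rather than trusting the exit code alone.
$after = Invoke-AdtAdmin @('/GetQuery', "/Collector:$Collector")
if ($after -notmatch [regex]::Escape('EventId=538')) {
    throw 'Filter did not take effect; /GetQuery does not show the new WQL query.'
}
Write-Host "Filter now in effect:`n$after"

# 3. Priority under saturation. A group with value 99 is the last to be disconnected; forwarders
#    placed in it with /Value:-1 inherit that value, as the /Value subparameter describes.
Invoke-AdtAdmin @('/AddGroup', "/Collector:$Collector", '/Group:DomainControllers', '/Value:99') | Out-Null
foreach ($dc in @('DC01', 'DC02')) {   # constructed forwarder names
    Invoke-AdtAdmin @('/UpdForwarder', "/Collector:$Collector", "/Forwarder:$dc",
                      '/Group:DomainControllers', '/Value:-1') | Out-Null
}

# Confirm the resulting layout.
Invoke-AdtAdmin @('/ListGroups', "/Collector:$Collector")
Invoke-AdtAdmin @('/ListForwarders', "/Collector:$Collector")
```

Because /SetQuery silently discards every event the query excludes, treat it as a privileged, change-controlled operation: keep the before/after copies of the query with the change record, and alert on AdtAdmin.exe process creation with /SetQuery or /SetDBAuth on the collector, since an administrator-level attacker can use the same commands to blind the audit trail or redirect it.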
See Also

Collecting Security Events Using Audit Collection Services in Operations Manager
How to Configure Certificates for ACS Collector and Forwarder
Audit Collection Services Capacity Planning
Audit Collection Services Performance Counters
How to Enable Audit Collection Services (ACS) Forwarders
Audit Collection Services Security
How to Filter ACS Events for UNIX and Linux Computers
Monitoring Audit Collection Services Performance
How to Remove Audit Collection Services (ACS)