SCOM ACS VMware account
I know ACS could collect system logs and account access behavior.
Could SCOM ACS collect VMware account login/logout and VMware logs? If not, is any MP available, or will SCOM 2012 support it? Thanks.
May 12th, 2011 11:27pm
Hi
Not sure if that is a mistype - ACS collects SECURITY log information. You configure auditing through group policy to determine the events that are collected by ACS (and this includes login \ logout info). You can also apply a noise filter at the ACS Collector if it is just specific info that you want (e.g. the vmware account).
http://technet.microsoft.com/en-us/library/bb381373.aspx
ACS has nothing to do with Management Packs; it is really just a stand-alone application, separate from OpsMgr - OpsMgr is really just the delivery mechanism for the ACS Forwarder \ agent. So, no changes coming.
In general, if you want to generate alerts on Security Events, you can either look at Secure Vantage Security MPs:
http://www.securevantage.com
Or create your own:
First determine the windows event id you need:
http://www.ultimatewindowssecurity.com/securitylog/encyclopedia/default.aspx
Then create a rule or monitor to alert on the eventid. I actually prefer to use a rule rather than a monitor as there is no “healthy” event id to reset the monitor. You can use a timed reset monitor but you risk missing alerts as no new alerts will be generated while the monitor is in an “unhealthy” state.
http://blogs.technet.com/operationsmgr/archive/2009/05/12/opsmgr-2007-how-to-get-alert-for-domain-group-membership-changes.aspx
Update – Kevin Holman has also posted a blog article on this at
http://blogs.technet.com/b/kevinholman/archive/2010/04/12/using-opsmgr-for-intrusion-detection-and-security-hardening.aspx
Cheers
Graham
View OpsMgr tips and tricks at
http://systemcentersolutions.wordpress.com/
May 13th, 2011 3:33am
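The rule versus timed reset monitor trade-off described in the post above, as an added Python simulation (not part of the thread and not OpsMgr code). The event times and the 15-minute reset interval are constructed, and the timer is assumed to start at the event that made the monitor unhealthy and not to restart on later events.

```python
# Constructed sample: minutes at which the watched security event ID is logged.
SAMPLE_EVENT_MINUTES = [0, 3, 7, 20, 22, 45]
RESET_AFTER_MINUTES = 15  # hypothetical timer-reset interval


def rule_alerts(event_minutes):
    """An alert-generating rule is stateless: every matching event raises an alert."""
    return sorted(event_minutes)


def timed_reset_monitor_alerts(event_minutes, reset_after):
    """A timed reset monitor alerts only on the healthy -> unhealthy transition.

    Assumption: the timer starts at the event that turned the monitor
    unhealthy and is not restarted by later matching events.
    Returns (alerted_minutes, missed_minutes).
    """
    alerts, missed = [], []
    unhealthy_until = None  # None means the monitor is currently healthy
    for minute in sorted(event_minutes):
        # Timer expired before this event: monitor has reset to healthy.
        if unhealthy_until is not None and minute >= unhealthy_until:
            unhealthy_until = None
        if unhealthy_until is None:
            alerts.append(minute)  # state change, so an alert is raised
            unhealthy_until = minute + reset_after
        else:
            missed.append(minute)  # state unchanged, so no new alert
    return alerts, missed


if __name__ == "__main__":
    rule = rule_alerts(SAMPLE_EVENT_MINUTES)
    alerted, missed = timed_reset_monitor_alerts(
        SAMPLE_EVENT_MINUTES, RESET_AFTER_MINUTES
    )
    print(f"rule alerts at minutes:    {rule}")
    print(f"monitor alerts at minutes: {alerted}")
    print(f"events with no alert:      {missed}")
```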
I guess you would want to pick up the vmware security logging. You could pick up syslog things with Veeam Nworks (next to the whole monitoring of vmware of course).
Bob Cornelissen - BICTT (My BICTT Blog)
May 13th, 2011 3:42am
Could Veeam Nworks collect vmware security log and integrate into SCOM ACS?
Thanks.
May 17th, 2011 7:01am
I don't think this is an ACS solution. This is just picking up the items. You could go over to the veeam nworks forum and ask over there.
http://www.veeam.com/forums/viewforum.php?f=1&sid=f0314fc7a5a269ce161c74bb309a778f
I think the best chance of getting the info you want from vmware into scom would be Nworks. Just not sure if it can be done in the form you would like it. Sometimes it is needed to work with the methods the tool works with.
Bob Cornelissen - BICTT (My BICTT Blog)
May 18th, 2011 1:27am
No, nworks/Acs cannot do that.
Virtual Center connections are present in the nworks event logs on your collector servers. So you just have to do a collection rule that will store these events in the OperationsManagerDW DB and create a report showing you information for this eventid.
Christopher Keyaert - My OpsMgr / SCOM & Opalis blog :
http://www.vnext.be
May 18th, 2011 3:30am