Audit Collection Services (ACS) is a component of OpsMgr that enables you to collect records generated by an audit policy and store them in a centralized database. These records are normally written to the local Security log; ACS enables taking that information and storing it in a centralized SQL Server repository. You can then filter and analyze information using the data analysis and reporting tools provided by SQL Server. ACS also comes with a number of reports out of the box.
ACS is protected from the rest of OpsMgr operations by design. Only those users specifically given the right to access the ACS database can run queries and create reports on the collected data.
Deploying ACS requires three components: forwarders (those machines you wish to capture security log information from), a collector (which receives information from forwarders), and a database. The database can be installed on the collector or separately for better performance.
Operations Manager is most popularly known for its ability to monitor and manage your servers, ACS is an optional component that you may want to investigate if you have not already.
Here are several references for additional information on ACS:
- System Center Operations Manager 2007 Unleashed (Sams, 2008), Chapter 15
- https://technet.microsoft.com/en-us/library/bb381373.aspx (overview)
- https://technet.microsoft.com/en-us/library/bb309523.aspx (capacity planning)
- https://technet.microsoft.com/en-us/library/bb309607.aspx (deploying)




