The effect of configuring a filter on an ACS Collector

As a follow-up to my previous post, I want to share my findings on the effect of configuring a filter on the ACS Collector side in order to collect and store only the security events that are relevant for your reporting purposes.

To limit the events stored in the ACS database to the specific subset required for reporting purposes, the AdtAdmin.exe /SetQuery command-line utility was used.
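One way to apply such a filter, shown as an added example rather than the command used in this post: the script builds an allowlist WQL query against the `AdtsEvent` class and sets it with `AdtAdmin.exe /SetQuery`. The event IDs, the backup file name and the install path are assumptions; substitute the IDs your reports actually query.

```powershell
# Added example: allowlist filter for an ACS collector. Run elevated on the collector itself.
# ASSUMPTION: default AdtAdmin.exe location; adjust if ACS is installed elsewhere.
$adtAdmin = Join-Path $env:SystemRoot 'System32\Security\AdtServer\AdtAdmin.exe'
if (-not (Test-Path $adtAdmin)) { throw "AdtAdmin.exe not found at $adtAdmin" }

# CONSTRUCTED sample allowlist (logon, failed logon, account created, account lockout).
# Replace with the event IDs your reports depend on.
$reportEventIds = 4624, 4625, 4720, 4740

# Build the WQL filter: only events matching the allowlist are stored in the database.
$idClause = ($reportEventIds | Sort-Object -Unique | ForEach-Object { "EventId=$_" }) -join ' OR '
$query    = "SELECT * FROM AdtsEvent WHERE ($idClause)"

# Save the output describing the filter currently in place, so the change can be reverted.
$backup = Join-Path $env:TEMP ('acs-query-{0:yyyyMMdd-HHmmss}.txt' -f (Get-Date))
& $adtAdmin /GetQuery | Set-Content -Path $backup
Write-Host "Previous filter saved to $backup"

# Apply the new filter. The whole /Query:... string is passed as a single argument.
& $adtAdmin /SetQuery "/Query:$query"
if ($LASTEXITCODE -ne 0) { throw "AdtAdmin /SetQuery failed with exit code $LASTEXITCODE" }

# Read the filter back and compare it with the query that was just built.
Write-Host "Requested filter: $query"
& $adtAdmin /GetQuery
```

Events that do not match the filter are never written to the ACS database, so agree the allowlist with whoever handles investigations before narrowing it.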

The total number of events collected on a daily basis has been drastically reduced by setting up the ACS Collector filter, as can be seen in the diagram below.

This diagram shows the total number of events stored within the Audit Collection Services database on a daily basis. On day 12, the ACS Collector filter was set up in order to filter out all unnecessary security events from collection. A picture is worth a thousand words…

Figure: Total number of events stored on a daily basis within the ACS database before/after configuring ACS Collector