ACS Event Retention Mechanism

I get a lot of questions about how ACS event retention works. So here you go, I’m blogging it so I can just answer with a link 🙂 There are two DWORD registry values which affect backlog transmission. Both are on the collector machine under HKLM\System\CurrentControlSet\Services\AdtServer\Parameters. EventRetentionPeriod, if present, is expressed in hours (I forget…


ACS’ first bug from being too performant

We got several reports recently of a bug in ACS that certain DS Access events, primarily for dnsNode and dnsZone objects, don’t properly get looked up. Some background: the event log in Windows prefers to log invariants such as message IDs, parameter message IDs, SIDs (security IDs which represent users and groups, etc.), and GUIDs (globally…


ACS Event Transformation Demystified

I’ve decided to start dumping my knowledge of ACS for posterity’s sake. My first installment is here, and it’s an excerpt from an external email I put together which describes how event transformation works on ACS. Transformation is performed on the agent (using instructions provided at connect time by the collector) and on the collector. …
