Limited support

BMC provides limited support for this version of the product. As a result, BMC no longer accepts comments in this space. If you encounter problems with the product version or the space, contact BMC Support.

BMC recommends upgrading to the latest version of the product. To see documentation for that version, see BMC AMI Command Center for Security 6.2.

Installation requirements for BMC Defender Server


This topic describes the requirements for successfully installing and running BMC AMI Command Center for Security or BMC Defender SIEM Correlation Server (products also called BMC Defender Server).

Disk space requirements are highly dependent on the average message length and expected message volume per day. For example:

  • 1 day, with an average message length of 900 characters and 50,000,000 messages, requires 50 GB per day.
  • 30 days of logging the messages takes 1.5 TB of drive space.
  • 180 days of archiving the messages takes 270 GB of drive space.

Three categories of data are saved by the system:

  • Logs—Logs contain the raw data ingested by the system. Each message can be a maximum of 2,000 bytes. By default, log data is saved in the main installation directory, but high-volume systems can assign the logs to an alternate drive. You can change the path on the Messages > Config > Parms tab.
  • Catalogs—Catalogs contain index information for the system. The data is frequently accessed and must stay on the same disk as the installation directory. Catalogs usually take less than 10% of the space required by the logs.
  • Archives—Archives are compressed backups of the daily log data. By default, log data is saved in the main installation directory, but high-volume systems can assign the archives to an alternate drive. You can change this path on the Messages > Config > Parms tab. Archives are approximately 3% of the size of a daily log and are rarely accessed.

Note

Any changes to the path of the stored data require you to restart the system services.

You can configure the number of days to retain data on the Messages > Config > Parms tab.

You can add or expand disk drives to allow for more storage space.

Software requirements

Ensure your system meets the following software requirements:

  • Any supported Microsoft Windows operating system – stand-alone or on a virtual machine
  • Web browser such as Chrome, Firefox, and Internet Explorer
  • Apache server (provided with installation)
  • (Optional) Microsoft Excel
  • Adobe Acrobat Reader, for viewing some electronic documentation files

Security and access requirements

A user must have administrative rights on the server platform to install and configure the software.

The following table summarizes all the service ports that can be used by the system. The system administrator should verify that firewalls permit communication between the agent and the manager.

Designated port numbers depend on specific options that you might have installed at your site:

| Protocol | Port | Service | Description |
|----------|------|---------|-------------|
| TCP | 80 | HTTP Server | Used by BMC Defender Server to listen for web browser requests |
| TCP | 443 | Secure HTTP | Used by BMC Defender Server to listen for HTTPS requests |
| UDP | 514 | Syslog Receiver | Used by BMC Defender Server to listen for syslog messages |
| UDP | 162 | SNMP Trap Receiver | (Optional) Used by BMC Defender Server to listen to SNMP traps |
| TCP | 55514 | Remote Agent Config | (Optional but recommended) Used by BMC Defender Agent for Windows to listen for remote configuration requests |
| TCP | 51462 | Tunnel Receiver | (Optional) Used by BMC Defender Server to listen for tunneled messages from agents |
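The following PowerShell is an added example, not part of the BMC documentation or product. It creates inbound Windows Firewall rules on the server for the ports in the table above, limited to given source networks, and then reports whether each expected listener is present. The subnets, rule names, and function names are assumptions chosen for illustration.

```powershell
# Added example, not BMC code. Subnets and rule names are placeholders (assumptions).
$LogSources = '10.0.0.0/8'     # placeholder: hosts and devices that send logs
$Analysts   = '10.10.0.0/24'   # placeholder: workstations that use the web interface

# Server-side listeners from the port table. TCP 55514 is left out because the
# agent listens on it, so that rule belongs on the agent hosts, not the server.
$Ports = @(
    [pscustomobject]@{ Service='HTTP Server';        Protocol='TCP'; Port=80;    Optional=$false; From=$Analysts   }
    [pscustomobject]@{ Service='Secure HTTP';        Protocol='TCP'; Port=443;   Optional=$false; From=$Analysts   }
    [pscustomobject]@{ Service='Syslog Receiver';    Protocol='UDP'; Port=514;   Optional=$false; From=$LogSources }
    [pscustomobject]@{ Service='SNMP Trap Receiver'; Protocol='UDP'; Port=162;   Optional=$true;  From=$LogSources }
    [pscustomobject]@{ Service='Tunnel Receiver';    Protocol='TCP'; Port=51462; Optional=$true;  From=$LogSources }
)

function Set-DefenderServerFirewall {
    [CmdletBinding(SupportsShouldProcess)]
    param([string[]]$EnableOptional = @())   # optional services actually used at this site
    foreach ($p in $Ports) {
        if ($p.Optional -and $p.Service -notin $EnableOptional) { continue }
        $name = "BMC Defender - $($p.Service)"
        if (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue) { continue }
        if ($PSCmdlet.ShouldProcess($name, 'Create inbound allow rule')) {
            New-NetFirewallRule -DisplayName $name -Direction Inbound -Action Allow `
                -Protocol $p.Protocol -LocalPort $p.Port -RemoteAddress $p.From | Out-Null
        }
    }
}

function Test-DefenderServerListeners {
    param([string[]]$EnableOptional = @())
    foreach ($p in $Ports) {
        $expected = (-not $p.Optional) -or ($p.Service -in $EnableOptional)
        $found = if ($p.Protocol -eq 'TCP') {
            Get-NetTCPConnection -State Listen -LocalPort $p.Port -ErrorAction SilentlyContinue
        } else {
            Get-NetUDPEndpoint -LocalPort $p.Port -ErrorAction SilentlyContinue
        }
        $listening = [bool]$found
        $finding = if ($expected -eq $listening) { 'ok' } elseif ($listening) { 'listening but not planned' } else { 'expected listener not found' }
        [pscustomobject]@{ Service=$p.Service; Port="$($p.Protocol)/$($p.Port)"; Expected=$expected; Listening=$listening; Finding=$finding }
    }
}

# Dry run of the rule creation, then a listener report for a site that uses the tunnel receiver.
Set-DefenderServerFirewall -EnableOptional 'Tunnel Receiver' -WhatIf
Test-DefenderServerListeners -EnableOptional 'Tunnel Receiver' | Format-Table -AutoSize
```

Run it from an elevated PowerShell session on the server; remove `-WhatIf` to create the rules.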

Additional requirements

Ensure that your system meets the following additional requirements:

| Requirement | Description |
|-------------|-------------|
| Syslog messages | To receive syslog messages from Windows platforms, you must install BMC Defender Agent for Windows on each client platform. This is a standard part of the installation software. To receive syslog messages from UNIX systems, root access to the client platform is required to configure the standard syslog.conf configuration file. |
| Windows event logs | Install BMC Defender Agent for Windows on the client servers and workstations as described in Installing BMC Defender Agent for Windows. |
| SNMP traps | Set the trap destination for the server, workstation or device to point to the server. |
| Application logs | Install and configure BMC Defender Agent for Windows on the client platforms. |

The logs directory can consume large amounts of disk space. For this reason, it is common to relocate the logs directory to a separate dedicated disk. For best results, the disk should not be a network server, which can dramatically slow down the CO-syslog.exe process.

You specify the location of the new syslog data directory on the Messages > Config > Parms tab of the web interface. For instance, the administrator can specify an auxiliary disk, such as the D: drive.

Note

Changing the syslog data directory requires a restart of the syslog process or node to take effect.

Where to go from here

Plan your deployment strategy.

Install BMC Defender Server or examine more detailed instructions in the Installing section.
