Example of CO-logmon.cnf
As stated in the CO-logmon-configuration-file topic, the configuration file does not necessarily require modification. The default configuration, which the installation utility creates, is adequate for most environments. However, if you want to create a highly customized installation, targeting specific types of event log messages, you can do so by modifying the directives in CO-logmon.cnf.
This file resides in the same directory as the CO-logmon program (which corresponds to the BMC Defender syslog Message UNIX Service).
The following example shows the default CO-logmon.cnf file:
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# CO-Logmon, BMC-AMI-Datastream for z/Linux
# Log Monitor Message Service Configuration File.
# z/Linux s390x Version
# See "BMC-Datastream Unix Tool Set Reference Manual" for detailed notes.
# Copyright (c) 2009 - 2018, CorreLog, Inc. All rights reserved.
# Copyright 2018 - 2021, BMC Software, Inc. http://www.bmc.com
# All rights reserved.
# DO NOT DISCLOSE.
#
#
# Example command line to keep application running:
#
# nohup ./CO-logmon </dev/null > /tmp/logmon.output.log 2>&1 &
#
#
# The following two items are the only items actually required.
# They are configured manually, or by the installation procedure,
# and are not affected by remote configuration operations.
#
# The location of the BMC-Datastream server (or other syslog host) must
# be configured below. The value must be properly configured by the
# administrator
DestinationAddress 127.0.0.1
DestinationPort 514
# Parameters used for remote configuration of this process via the
# BMC-Datastream web interface. The user can comment these values out to
# disable remote configuration. The "ListenAuthMode" can take values
# 0=No Auth, 1=Source Address, 2=PassKey, 3=Address and Key. These
# values cannot be changed via remote configuration.
ListenAuthMode 0
ListenPassKey Default
ListenPort 55514
# Prefix all messages with the computer hostname and user name.
MessagePrefix z/Linux Location: %HOSTNAME% User Name: %USER% -
# Send this message periodically:
MarkerMessage ZLinux Agent Running.
MarkerMinutes 30
# The next section provides a list of filenames, match keywords and
# the facility and severity of the resulting syslog message. The
# following default values can be augmented or modified.
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
LogFile /var/log/secure
LogName Security
MaxSizeChange 10000
DefaultFacility security
DefaultSeverity auto
UseSeverity error
MatchKeyWord fail
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
LogFile /var/log/auth.log
LogName Auth
MaxSizeChange 10000
DefaultFacility auth
DefaultSeverity info
UseSeverity error
MatchKeyWord fail
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
LogFile /etc/passwd
LogName Password File:
LogStatChange enabled
DefaultFacility audit
DefaultSeverity warning
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
LogFile /etc/group
LogName Groups File:
LogStatChange enabled
DefaultFacility audit
DefaultSeverity warning
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
LogFile /etc/hosts
LogName System Host File:
LogStatChange enabled
DefaultFacility audit
DefaultSeverity warning
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
LogFile /etc/sudoers
LogName Sudoers File:
LogStatChange enabled
DefaultFacility audit
DefaultSeverity warning
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# END OF FILE
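An added example, not part of the vendor documentation or the product: a small Python check that parses a CO-logmon.cnf in the layout shown above and reports the shipped defaults an administrator would review before deployment (no listener authentication, the default pass key, a loopback destination). It assumes that each LogFile directive opens a per-file block, which is inferred from the default file; `parse` and `audit` are hypothetical names.

```python
import ipaddress

# Constructed sample: directives copied from the default file shown above.
SAMPLE = """\
DestinationAddress 127.0.0.1
DestinationPort 514
ListenAuthMode 0
ListenPassKey Default
ListenPort 55514
# per-file blocks follow
LogFile /etc/sudoers
LogName Sudoers File:
LogStatChange enabled
"""

def parse(text):
    """Split a CO-logmon.cnf into global directives and per-LogFile blocks."""
    global_dirs, blocks = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)          # directive, then the rest of the line
        key, value = parts[0], (parts[1] if len(parts) > 1 else "")
        if key == "LogFile":                 # assumption: LogFile opens a block
            blocks.append({})
        (blocks[-1] if blocks else global_dirs)[key] = value
    return global_dirs, blocks

def audit(text):
    """Return findings on the destination and remote-configuration settings."""
    g, _ = parse(text)
    findings = []
    if any(k.startswith("Listen") for k in g):   # directives not commented out
        mode = g.get("ListenAuthMode")
        if mode == "0":
            findings.append("ListenAuthMode 0: remote configuration has no authentication")
        elif mode == "1":
            findings.append("ListenAuthMode 1: source address is the only check")
        if g.get("ListenPassKey") == "Default":
            findings.append("ListenPassKey is the shipped value 'Default'")
    try:
        if ipaddress.ip_address(g.get("DestinationAddress", "")).is_loopback:
            findings.append("DestinationAddress is loopback: messages stay on this host")
    except ValueError:
        pass                                     # hostname or missing value
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("WARN", finding)
```
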