CO-fmon configuration file


The CO-fmon configuration file (CO-fmon.cnf) contains all parameters and specifications related to the Unix File Integrity Monitor (FIM). You can find this file in the same directory as the CO-fmon program, by default /opt/BMC-Datastream or /usr/local/BMC-Datastream.

During installation, the root administrator must edit this file to specify the location of the BMC Defender Server by setting the DestinationAddress directive and confirming the DestinationPort directive. The CO-fmon.cnf file does not rely on any information contained in the CO-logmon.cnf file. The destination values in the two files usually match, but they can differ depending on your organization's management strategy.

After installation, the configuration file is ready to run and does not require modification. However, you can modify the file with directory names, match specifications, exclude specifications, and other parameters. To modify the configuration file, see Modifying-the-configuration-files.

Tips

  • CO-fmon.cnf is similar to CO-logmon.cnf and to the same file in the Windows FIM program. For more information, see Using BMC Defender File Integrity Monitor Adapter.

  • You can learn more about the configuration by experimenting with CO-fmon.cnf, for example, by adding directives and then running CO-fmon in the foreground. With this technique, you can quickly target specific messages on the system.

The CO-fmon.cnf file contains the following sections:

Destination address and port number

The destination address and port number for syslog messages are required at the beginning of the file. You cannot move the directives to another section. If multiple entries exist, only the last entry recorded is used and the other directives are ignored.

They are set during the installation process, but you can modify the values.

The following table provides a description of the directives:

Directive

Description

DestinationAddress

IP address that corresponds to the location of the BMC Defender syslog receiver (typically the IP address of BMC Defender Server) 

If this value is invalid, the CO-fmon program does not send syslog messages.

DestinationPort

UDP port number

The value is not usually changed and is provided for reference.

Default value: 514 (standard UDP port number used by syslog)

These directives are identical to the corresponding directives in the CO-logmon.cnf file.

Remote configuration parameters (optional)

You can configure remote capabilities, including the required type of authentication and optional passkey.

If you comment out or remove the directives from the configuration file, then remote configuration is disabled and only manual configuration of the CO-fmon program is permitted.

CO-fmon accepts remote configuration requests from BMC Defender Server or from the rsmconf.exe remote configuration utility.

The following directives support this function:

Directive

Description

ListenAuthMode

Authentication mode used when processing remote requests

The directive is followed by one of the following numbers:

  • 0—No authentication
  • 1—Authentication by source address
  • 2—Authentication by passkey
  • 3—Authentication by both source address and passkey

Default value: 3

ListenPassKey

Passkey used with remote configuration when the ListenAuthMode value is 2 or 3

The value is a simple password. The corresponding password is found in the System > Parameters tab of BMC Defender Server.

ListenPort

TCP port number by which CO-fmon listens for remote requests

The value is not usually changed and is provided for reference.

Default value: 55515

Required and optional parameters

You can modify the following ancillary directives:

Directive

Description

Schedule

Time at which periodic checks are scheduled

The following values are valid:

  • hourly—Check is performed at the start of each hour
  • daily—Check is performed each day at midnight
  • weekly—Check is performed on Monday morning at midnight
  • monthly—Check is performed at midnight at the start of each month

SchedDelaySecs

Number of seconds by which each scheduled check is delayed after its scheduled time

Use this value to balance the load of messages sent by various agent programs.

ChangeSeverity

Severity given to messages that are sent when a file change is detected

You can specify any valid severity, including disabled, which disables any notification when a file is changed.

For more information about valid severities, see Facilities-and-severities.

Default value: warning

AddSeverity

Severity given to messages that are sent when a new file is detected

You can specify any valid severity, including disabled, which disables any notification when a new file is detected.

For more information about valid severities, see Facilities-and-severities.

Default value: notice

DeleteSeverity

Severity given to messages that are sent when a file is deleted

You can specify any valid severity, including disabled, which disables any notification when a file is deleted.

For more information about valid severities, see Facilities-and-severities.

Default value: notice

AutoGenImage

Whether the image file is regenerated automatically after each check instead of being generated manually

If True, the image file is replaced with the latest list of files each time that a check is performed; that is, each change is reported only once, instead of continuously, until a new image file is created.

Default value: False

UseChecksum

Whether file changes are detected by file checksum in addition to the file creation date, modification date, and file size

If True, file checksums are also generated and compared to detect changes. The setting can degrade the speed of checks and increase CPU usage, but it provides the most reliable way to detect file changes.

Default value: False

PollDelayMsec

Number of milliseconds to pause after testing each file on the system

Integer values from 1 to 100 are valid.

This parameter can reduce the CPU time consumed by the file checks. A value of 10 milliseconds is adequate for most systems. Increasing the value reduces CPU time, but also increases the time to perform file checks.

Default value: 10

MessagePrefix

Prefix for any message that the system sends

A prefix can help to distinguish messages. For example, you could use a keyword, device name, or organization name as a message prefix.

If you omit this parameter, the message has no prefix.

Default value: hostName userName

Directory specifications (optional)

You can configure multiple directories that list all the files and facilities to monitor, and each directory can contain multiple match patterns and exclude patterns.

If you specify a directory, its subdirectories are also scanned unless the directory names specifically exclude the subdirectories.

The following directives are supported:

Directive

Description

Directory

Name of a directory, using forward (UNIX style) slashes to delimit subdirectories

The path name can include an environment variable. All files in the directory and all files in all subdirectories (unless specifically excluded) are scanned.

MatchPatt

Pattern that must match in the path or file name for the file to be monitored

This directive must be preceded by the Directory directive. You can include multiple match patterns following each Directory directive.

ExclPatt

Pattern that must match in the path or file name to exclude it from being monitored

The directive must be preceded by the Directory directive. You can include multiple exclude patterns following each Directory directive.

Although the directive can include file suffixes, such as *.log, it more typically includes the names of subdirectories to exclude from monitoring.

Example

The exclude pattern temp excludes from monitoring any file or path name that contains the temp keyword.

Important

The MatchExt and ExclExt directives that are available with the Windows File Integrity Monitor (FIM) agent are not available as options or directives for UNIX FIM agents. These directives match file extensions and are omitted because UNIX generally does not support or enforce file extensions and file associations for these extensions. Using the MatchExt and ExclExt directives in UNIX FIM configurations is a common mistake.
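As an added example (not part of the BMC documentation), the following Python lint check applies the rules stated on this page to a CO-fmon.cnf file: the destination directives must open the file, a repeated directive is overridden by its last occurrence, ListenAuthMode must be 0 to 3 and modes 2 and 3 need a ListenPassKey, PollDelayMsec must be 1 to 100, MatchPatt and ExclPatt must follow a Directory directive, and the Windows-only MatchExt and ExclExt directives are flagged. The "Directive value" line syntax, the use of # for comments and the sample file contents are assumptions, since the page does not show the file's exact syntax.

```python
WINDOWS_ONLY = {"MatchExt", "ExclExt"}  # Windows FIM directives; the UNIX agent has no equivalent
# Constructed sample file (not from the product documentation). The "Directive value"
# line syntax and '#' comments are assumptions; the page does not show the exact syntax.
SAMPLE_CNF = """\
DestinationAddress 192.0.2.10
DestinationPort 514
ListenAuthMode 0
PollDelayMsec 250
Directory /etc
ExclPatt temp
MatchExt .conf
"""

def parse_cnf(text):
    """Return (directive, value) pairs in file order, skipping blanks and comments."""
    pairs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            name, _, value = line.partition(" ")
            pairs.append((name, value.strip()))
    return pairs

def lint_cnf(text):
    """Return the problems found in a CO-fmon.cnf file; an empty list means clean."""
    pairs = parse_cnf(text)
    last = dict(pairs)  # a repeated directive is overridden by its last occurrence
    problems = []
    # The destination address and port must be the first directives in the file.
    if {n for n, _ in pairs[:2]} != {"DestinationAddress", "DestinationPort"}:
        problems.append("DestinationAddress and DestinationPort must open the file")
    mode = last.get("ListenAuthMode")
    if mode is not None and mode not in {"0", "1", "2", "3"}:
        problems.append(f"ListenAuthMode {mode!r} is not one of 0, 1, 2, 3")
    elif mode == "0":
        problems.append("ListenAuthMode 0 accepts unauthenticated remote configuration")
    elif mode in {"2", "3"} and not last.get("ListenPassKey"):
        problems.append(f"ListenAuthMode {mode} requires a ListenPassKey")
    poll = last.get("PollDelayMsec")
    if poll is not None and not (poll.isdigit() and 1 <= int(poll) <= 100):
        problems.append(f"PollDelayMsec {poll!r} must be an integer from 1 to 100")
    seen_directory = False  # MatchPatt and ExclPatt must follow a Directory directive
    for name, value in pairs:
        if name == "Directory":
            seen_directory = True
        elif name in ("MatchPatt", "ExclPatt") and not seen_directory:
            problems.append(f"{name} {value!r} appears before any Directory directive")
        elif name in WINDOWS_ONLY:
            problems.append(f"{name} is a Windows-only directive, not available for the UNIX agent")
    return problems
```

Run against SAMPLE_CNF, the check reports the unauthenticated ListenAuthMode, the out-of-range PollDelayMsec and the misplaced MatchExt directive.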

Where to go from here

To modify the configuration values, see Modifying-the-configuration-files.
