Message encryption
The CO-logmon program encrypts messages sent to the BMC Defender SIEM Server system. To disable encryption, an administrator edits the EncryptData directive and sets its value to False.
The encryption prevents casual snooping of the data by using a block rotating, time-based cipher that is built into both the BMC Defender SIEM Server and CO-logmon. The encryption causes no apparent change to the displayed data. However, changing the destination address to another syslog server makes it apparent that the data is encrypted.
The encryption provides a fair degree of protection against network sniffers. However, because a single 1024-bit private key is used for all transmissions, this encryption does not protect against man-in-the-middle attacks or replay attacks. It is mainly useful for sending syslog messages across the public internet, to keep casual observers from intercepting and reading the message content.