Basic installation steps


Each UNIX package installed on the Windows system is provided in Gzipped tar (tar.gz) file format and includes, as a file suffix, the name of the platform, such as ut-n-n-n-solaris.tar.gz.

The basic installation procedure is as follows:

  1. Log in to the target UNIX platform with a root login, run a web browser, and connect to the BMC Defender SIEM Server.
    Download the UTS package specific to the UNIX platform from the BMC Defender SIEM Server. The following URL lists all the UTS packages, permitting the download of any package or UTS documentation:
    http://(BMCDefenderSIEMServer)/s-doc/UNIX/ 
    The value of BMCDefenderSIEMServer is the location where the BMC Defender UTS is installed, including any optional HTTP port number.
  2. On the UNIX system, copy the tar.gz file, downloaded from the Windows platform above, to the directory where the BMC Defender directory is to be created (typically either the /opt directory or the /usr/local directory).
    You can use a web browser or standard binary ftp.
  3. Gunzip the tar.gz file, and then extract files using tar -xvf.
    This step creates the BMC Defender directory, which contains all the UTS files for the platform.
  4. Using a text editor, modify the CO-logmon.cnf file and specify the IP address of the BMC Defender SIEM Server. 

    Note

    This required step is sometimes missed, and the default address of 127.0.0.1 might not work. The destination for syslog messages must be specified as part of the initial configuration.

  5. Start the CO-logmon process, and optionally configure the CO-logmon process to start as a background process on the platform.
    You can typically accomplish this by editing the /etc/rc.local file, or by creating an /etc/rc.d startup script, depending on the particular target operating system.

    Note

    The CO-logmon process does not fork and, by default, runs in the foreground. Therefore, you must specify an ampersand (&) character as part of the command invocation, to make this a background process. Failure to add a trailing & character to the command invocation might result in delays during node startup.

  6. Optionally, repeat step 4 and step 5 to install the CO-fmon file integrity monitor process.
    That is, using a text editor, modify the CO-fmon.cnf file and specify the IP address of the BMC Defender SIEM Server, and then start the CO-fmon process as a background process.

The CO-logmon or CO-fmon programs can now run. On startup, each sends a single syslog message to the configured destination host. Check the host to verify that a message was correctly sent and received. No other steps are needed to install and start the UNIX program.
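
The following pre-flight script for steps 3 to 5 is an added example, not part of the BMC package or documentation. It refuses to extract an archive as root if any member would land outside the install directory, and it flags a CO-logmon.cnf or CO-fmon.cnf that still contains the default 127.0.0.1. The function names and exit codes are assumptions made for this example; the .cnf file is located with find because the extracted directory name is not given on this page.

```shell
#!/bin/sh
# Added example: pre-flight checks for the UTS install steps (run on the UNIX host).

# archive_is_safe <package.tar.gz>
# 0 = safe, 1 = absolute or ".." member found, 2 = unreadable or empty archive.
archive_is_safe() {
    members=$(gunzip -c "$1" 2>/dev/null | tar -tf - 2>/dev/null) || return 2
    [ -n "$members" ] || return 2
    if printf '%s\n' "$members" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        return 1
    fi
    return 0
}

# cnf_has_default_dest <file>
# 0 = the file still mentions the default 127.0.0.1 (step 4 was skipped).
cnf_has_default_dest() {
    grep -Eq '(^|[^0-9.])127\.0\.0\.1([^0-9.]|$)' "$1"
}

# preflight <absolute path to package.tar.gz> <install parent dir> <cnf file name>
# Extracts only a safe archive, then prints the path of the .cnf file when it
# no longer points at the default address. Returns 3 when it still does.
preflight() {
    pkg=$1; parent=$2; cnf=$3
    archive_is_safe "$pkg" || { echo "refusing to extract $pkg" >&2; return 1; }
    (cd "$parent" && gunzip -c "$pkg" | tar -xf -) || return 1
    found=$(find "$parent" -name "$cnf" -type f | head -n 1)
    [ -n "$found" ] || { echo "$cnf not found under $parent" >&2; return 1; }
    if cnf_has_default_dest "$found"; then
        echo "edit $found: destination is still 127.0.0.1" >&2
        return 3
    fi
    echo "$found"
}
```

Run preflight before step 5, and start CO-logmon (with the trailing &) only after it returns 0. Running preflight again re-extracts the package, so use cnf_has_default_dest on its own to recheck an edited file.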


BMC Defender Agent for Unix/Linux 5.9