Overview
The BMC Defender Agent for Unix/Linux is a collection of executables and files that augment the native syslog capability of a Unix platform. In particular, this non-intrusive agent monitors streaming log files and relays syslog messages to a syslog receiver. This process facilitates integrating the BMC AMI Command Center for Security and BMC Defender SIEM Correlation Server (also known as BMC Defender Server) with Unix platforms. Additionally, the agent includes a File Integrity Monitor program that can continuously test whether the files in specific directories change.

The BMC Defender Agent for Unix/Linux consists of the following programs:
- BMC Defender Logfile Monitor service is a compact but powerful program that allows arbitrary log files to be instrumented with match patterns. When specific match patterns are detected in streaming log files, syslog messages of the appropriate severity and facility are sent to the syslog server program.
- BMC Defender Unix File Integrity Monitor (BMC Defender FIM Adapter) service is a second agent program that continuously tests file directories (user specified via a configuration file). FIM tests to see whether files are added, deleted, or modified on the system and sends a syslog message if changes are detected.
- BMC Defender sendlog utility can be used in scripts, or launched by application programs to send syslog messages to a syslog server host. Because this utility is a stand-alone executable, relying on no other files, you can easily adapt it to user-specific applications.
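
The file integrity check described in the list above (detect added, deleted, or modified files and report each change as a syslog message), as an added example that is not BMC's code or configuration format. The directory contents, the `fim-demo` tag, and the local0/warning priority are constructed assumptions.

```python
import hashlib
import tempfile
from pathlib import Path

# Standard syslog codes: PRI = facility * 8 + severity.
FACILITY_LOCAL0 = 16   # assumed facility for this example
SEVERITY_WARNING = 4   # assumed severity for this example


def snapshot(root):
    """Map each file path (relative to root) to the SHA-256 of its content.

    Content hash only: permission or ownership changes are not detected here.
    """
    return {str(p.relative_to(root)): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in Path(root).rglob("*") if p.is_file()}


def diff(old, new):
    """Return sorted (change, path) pairs for added, deleted and modified files."""
    changes = [("added", p) for p in new.keys() - old.keys()]
    changes += [("deleted", p) for p in old.keys() - new.keys()]
    changes += [("modified", p) for p in old.keys() & new.keys() if old[p] != new[p]]
    return sorted(changes)


def to_syslog(changes, tag="fim-demo"):
    """Render each change as a minimal syslog-style line with a <PRI> prefix."""
    pri = FACILITY_LOCAL0 * 8 + SEVERITY_WARNING
    return [f"<{pri}>{tag}: file {change}: {path}" for change, path in changes]


def demo():
    """Build a constructed directory, change it, and report the differences."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "app.conf").write_bytes(b"mode=strict\n")
        (root / "notes.txt").write_bytes(b"hello\n")
        before = snapshot(root)                              # baseline
        (root / "app.conf").write_bytes(b"mode=relaxed\n")  # modified
        (root / "notes.txt").unlink()                        # deleted
        (root / "new.bin").write_bytes(b"\x00\x01")          # added
        return to_syslog(diff(before, snapshot(root)))


if __name__ == "__main__":
    print("\n".join(demo()))
```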
The BMC Defender Agent for Unix/Linux is similar to the BMC Defender Agent for Windows system. Both support advanced encryption, file import, source filtering of messages, remote configuration, and other features. For more information, see BMC Defender Agent for Windows, included as part of the main BMC Defender Server distribution.