Overview

The BMC Defender Agent for Unix/Linux is a collection of executables and files that augment the native syslog capability of a Unix platform. In particular, this non-intrusive agent monitors streaming log files and relays syslog messages to a syslog receiver. This process facilitates integrating the BMC AMI Command Center for Security and BMC Defender SIEM Correlation Server (also known as BMC Defender Server) with Unix platforms. Additionally, the agent includes a File Integrity Monitor program that continuously tests whether the files in specific directories change.

Important

The optional BMC Defender Agent for Unix/Linux package does not replace the native Unix syslog capability of a platform. Because common Unix, Linux, and IBM z/Linux operating systems have native syslog capability, you are not required to install the agent to use BMC Defender Server. For many enterprises, simply adjusting the native syslog process (through the syslog.conf file) to relay messages to BMC Defender is sufficient.

However, consider installing the agent if your site could benefit from enhanced syslog functionality such as:

  • Monitoring arbitrary streaming log files (such as Apache transfer and error logs)
  • Monitoring object access (such as system password or hosts file)

The BMC Defender Agent for Unix/Linux consists of the following programs:

  • BMC Datastream Log File Monitor (CO-logmon program) service is a compact but powerful program that allows arbitrary log files to be instrumented with match patterns. When specific match patterns are detected in streaming log files, syslog messages of the appropriate severity and facility are sent to the syslog server program.
  • BMC Datastream File Integrity Monitor (FIM adapter, CO-fmon program) service is a second agent program that continuously tests file directories (specified by the user in a configuration file). FIM tests whether files are added, deleted, or modified on the system and sends a syslog message if changes are detected.
  • BMC Datastream Sendlog utility can be used in scripts, or launched by application programs, to send syslog messages to a syslog server host. Because this utility is a stand-alone executable that relies on no other files, you can easily adapt it to user-specific applications.
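The following script is an added illustration of the log file monitor idea described above; it is not code from the BMC product. It applies a constructed table of match patterns to sample log lines (also constructed), builds an RFC 3164 syslog message with the PRI value derived from the configured facility and severity, and can relay the result to a UDP syslog receiver (the hostname, tag and receiver address are assumptions).

```python
import re
import socket
from datetime import datetime

# Facility and severity codes from RFC 3164 / RFC 5424.
FACILITIES = {"kern": 0, "user": 1, "daemon": 3, "auth": 4, "local0": 16}
SEVERITIES = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
              "warning": 4, "notice": 5, "info": 6, "debug": 7}

# Constructed match-pattern table: regex -> (facility, severity).
# This stands in for the patterns an operator would configure for a log file.
PATTERNS = [
    (re.compile(r"Failed password for (?:invalid user )?\S+ from \S+"), "auth", "warning"),
    (re.compile(r"segfault at"), "kern", "err"),
    (re.compile(r'" 500 \d+'), "daemon", "err"),   # HTTP 500 in an access log
]

def pri(facility, severity):
    """RFC 3164 PRI value: facility * 8 + severity."""
    return FACILITIES[facility] * 8 + SEVERITIES[severity]

def to_syslog(line, hostname, tag, facility, severity, ts=None):
    """Format one matched log line as an RFC 3164 syslog message."""
    ts = ts or datetime.now().strftime("%b %d %H:%M:%S")
    return f"<{pri(facility, severity)}>{ts} {hostname} {tag}: {line}"

def scan(lines, hostname="webhost1", tag="logmon", ts=None):
    """Return a syslog message for every line that matches a pattern (first match wins)."""
    out = []
    for line in lines:
        for rx, fac, sev in PATTERNS:
            if rx.search(line):
                out.append(to_syslog(line.rstrip(), hostname, tag, fac, sev, ts))
                break
    return out

def relay(messages, receiver=("127.0.0.1", 514)):
    """Send formatted messages to a syslog receiver over UDP (assumed address)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        for m in messages:
            s.sendto(m.encode(), receiver)

# Constructed sample lines: an sshd failure, a normal web hit, a server error.
SAMPLE_LOG = [
    "Jan 01 00:00:01 webhost1 sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 51514 ssh2",
    '203.0.113.9 - - [01/Jan/2024:00:00:02 +0000] "GET /index.html HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2024:00:00:03 +0000] "GET /api HTTP/1.1" 500 87',
]

if __name__ == "__main__":
    for msg in scan(SAMPLE_LOG):
        print(msg)
```

Running the script prints two messages, one with PRI 36 (auth/warning) and one with PRI 27 (daemon/err); call relay() on the result to forward them to a receiver.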

The BMC Defender Agent for Unix/Linux is similar to the BMC Defender Agent for Windows system. Both support advanced encryption, file import, source filtering of messages, remote configuration, and other features. For more information, see BMC Defender Agent for Windows.


BMC Defender Agent for Unix/Linux 6.2