CO-logmon program and features


The CO-logmon program, normally residing in the /opt/BMC-Datastream or /usr/local/BMC-Datastream directory, executes as a single persistent background process, and as a standard UNIX daemon process. The program can be seen via a ps command. The program is usually configured in the UNIX system to start automatically when the host platform starts.

The CO-logmon program monitors streaming log files. It reads the CO-logmon.cnf file to acquire the list of monitored files and then continuously watches for lines appended to these files. When a new line is appended to a file, the line is read, compared to the match patterns, and then sent to the BMC Defender Server (as needed). Any streaming log file can be monitored.

Additionally, the CO-logmon program can watch file modification times and send syslog messages indicating that specific files have been modified or deleted from the system. For example, the CO-logmon program can report when the password, group, hosts, or any other text or binary file is modified or deleted.
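As an added illustration of the file modification monitoring just described (example code, not CO-logmon's own implementation), the following Python polls a set of paths and reports creation, modification and deletion as syslog-style lines. The watched paths, the polling interval, the hostname and the facility/severity values are this example's assumptions; CO-logmon takes its own list from CO-logmon.cnf. Alongside the modification time it records a content digest, so that a change whose timestamp was put back afterwards is still reported.

```python
import hashlib
import os
import stat
import time

# Paths to watch: constructed for this example (CO-logmon reads its list from CO-logmon.cnf).
WATCHED = ["/etc/passwd", "/etc/group", "/etc/hosts"]
# Facility 4 (auth) and severity 4 (warning) are this example's choice, not a CO-logmon setting.
FACILITY, SEVERITY = 4, 4


def digest(path):
    """SHA-256 of a regular file's content, read in chunks so large files are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(paths):
    """Record (mtime_ns, size, digest) per path, or None when the path does not exist.
    Directories and other non-regular files get no digest; their mtime and size still count."""
    state = {}
    for p in paths:
        try:
            st = os.stat(p)
        except FileNotFoundError:
            state[p] = None
            continue
        d = digest(p) if stat.S_ISREG(st.st_mode) else None
        state[p] = (st.st_mtime_ns, st.st_size, d)
    return state


def diff_snapshots(old, new):
    """Compare two snapshots and return (path, event) pairs for every difference."""
    events = []
    for p, after in new.items():
        before = old.get(p)
        if before is None and after is not None:
            events.append((p, "created"))
        elif before is not None and after is None:
            events.append((p, "deleted"))
        elif before != after:
            events.append((p, "modified"))
    return events


def format_event(path, event, hostname="unixhost"):
    """Render one change as a BSD-syslog style line; PRI is facility * 8 + severity."""
    return f"<{FACILITY * 8 + SEVERITY}>{hostname} filemon: {path} {event}"


def watch(paths, interval=10.0, cycles=None):
    """Poll every `interval` seconds and print one line per detected change."""
    old = snapshot(paths)
    done = 0
    while cycles is None or done < cycles:
        time.sleep(interval)
        new = snapshot(paths)
        for path, event in diff_snapshots(old, new):
            print(format_event(path, event))
        old, done = new, done + 1


def demo():
    """Exercise the monitor on constructed files in a temporary directory."""
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        passwd, hosts = os.path.join(d, "passwd"), os.path.join(d, "hosts")
        with open(passwd, "w") as f:
            f.write("root:x:0:0::/root:/bin/ksh\n")
        before = snapshot([passwd, hosts])
        with open(passwd, "w") as f:                 # same size, different content
            f.write("root:x:0:0::/root:/bin/zsh\n")
        mtime = before[passwd][0]
        os.utime(passwd, ns=(mtime, mtime))          # timestamp restored to its old value
        with open(hosts, "w") as f:
            f.write("127.0.0.1 localhost\n")
        after = snapshot([passwd, hosts])
        return diff_snapshots(before, after)


if __name__ == "__main__":
    watch(WATCHED)
```

In `demo()` the password file keeps its size and its original modification time, so a check based on timestamps alone would stay silent; the digest comparison is what produces the `modified` event. A real deployment would run `watch()` as a long-lived process, as CO-logmon does, rather than from cron.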

The destination address for all messages is configured in the CO-logmon.cnf file, which is in the same directory as the CO-logmon program. This file must exist in that location and is read whenever the CO-logmon program starts. A detailed explanation of this configuration file, including all directives that can be included in the file, is provided in CO-logmon-configuration-file.

The CO-logmon program creates the CO-logmon.log file in the same directory as the executable program and the configuration file. This log file contains any errors and, if so configured, the syslog messages. The file is overwritten each time the server starts, and it typically contains only a few lines. This log file does not need any maintenance.

Although the CO-logmon program is not specifically required for any Unix platform to use the BMC Defender Server, there are various important functions that the CO-logmon agent can perform in an enterprise. In many circumstances, these features can be achieved only by installing and deploying the CO-logmon program:

  • Text File Monitoring—CO-logmon can monitor any arbitrary text file for appended lines. This includes any file created by the standard Syslogd process, transfer logs, apache logs, database logs, and audit logs. This extends the existing syslog capability of the UNIX platform to include arbitrary log files.
  • File Modification Monitoring—CO-logmon can monitor the timestamps of any file object, including text files, object files, and directories. This provides a simple way to watch for unauthorized changes to system password files, group files, or other security-related data.
  • Source Filtering—CO-logmon can extend the filtering of syslog messages at the source platform, reducing network load.

    Example

    You can disable certain classes of messages based on keywords within the message, or you can override the facility or severity of messages at the Unix source (rather than at the BMC Defender Server).

  • Remote Management—CO-logmon supports remote management from the main BMC Defender Server, so that its filters and match patterns can be remotely modified (through the BMC Defender web interface or using the standard rsmconf.exe BMC Defender utility).
  • Remote Import Of Files—CO-logmon supports the BMC Defender Import facility, which allows you to import log files from the Unix platform into BMC Defender. This simplifies the import process for Unix platforms.
  • Data Encryption—CO-logmon supports both the native encryption functions of BMC Defender Server and the AES-256/TLS encryption for advanced internal security, including remote key exchange with the BMC Defender Server. This provides a higher degree of security for the syslog transport layer.
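The text file monitoring and source filtering items above (and the description of appended-line handling earlier on this page) can be shown together in one added Python example; this is illustration code, not CO-logmon's implementation, and the rule table, the hostname, the tag and the facility/severity numbers are this example's own assumptions standing in for CO-logmon.cnf match patterns. The follower keeps a read offset into the file, holds back an incomplete last line until its newline arrives, and starts over when the file shrinks or its inode changes, which is what a log rotation looks like from the reader's side.

```python
import os
import re

# Constructed rules standing in for CO-logmon.cnf match patterns (the names are this example's):
#   drop      - lines containing one of these keywords are discarded at the source
#   override  - first matching regex sets the (facility, severity) used for forwarding
RULES = {
    "drop": ["DEBUG", "heartbeat"],
    "override": [
        (re.compile(r"Failed password|authentication failure"), (10, 4)),  # authpriv.warning
        (re.compile(r"session opened"), (10, 6)),                           # authpriv.info
    ],
}
DEFAULT_FACILITY, DEFAULT_SEVERITY = 1, 6  # user.info for everything else


class LogFollower:
    """Remember where the last read stopped and return only lines appended since.
    Starts over when the file shrinks (truncated in place) or its inode changes (rotated)."""

    def __init__(self, path):
        self.path = path
        self.offset = 0
        self.inode = None
        self.partial = b""   # bytes after the last newline, waiting for the rest of the line

    def new_lines(self):
        try:
            st = os.stat(self.path)
        except FileNotFoundError:
            return []
        if st.st_ino != self.inode or st.st_size < self.offset:
            self.offset, self.partial, self.inode = 0, b"", st.st_ino
        with open(self.path, "rb") as f:
            f.seek(self.offset)
            data = self.partial + f.read()
            self.offset = f.tell()
        chunks = data.split(b"\n")
        self.partial = chunks.pop()
        return [c.decode("utf-8", "replace") for c in chunks]


def classify(line, rules=RULES):
    """Source filtering: None means drop the line, otherwise the (facility, severity) to use."""
    if any(word in line for word in rules["drop"]):
        return None
    for pattern, fac_sev in rules["override"]:
        if pattern.search(line):
            return fac_sev
    return (DEFAULT_FACILITY, DEFAULT_SEVERITY)


def to_syslog(line, facility, severity, hostname="unixhost", tag="CO-logmon"):
    """BSD-syslog style message; PRI = facility * 8 + severity."""
    return f"<{facility * 8 + severity}>{hostname} {tag}: {line}"


def process(follower, rules=RULES):
    """Read what was appended and return the messages that would be sent to the server."""
    out = []
    for line in follower.new_lines():
        fac_sev = classify(line, rules)
        if fac_sev is not None:
            out.append(to_syslog(line, *fac_sev))
    return out


def demo():
    """Drive the follower over a constructed log: appends, a partial line, then truncation."""
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "secure.log")
        follower = LogFollower(path)
        with open(path, "ab") as f:
            f.write(b"sshd[201]: Failed password for ops\n"
                    b"app: DEBUG cache warm\n"
                    b"cron: job start")               # newline not written yet
        first = process(follower)
        with open(path, "ab") as f:
            f.write(b"ed\n")                           # line completed
        second = process(follower)
        with open(path, "wb") as f:                    # truncated in place (log rotation)
            f.write(b"sshd[202]: session opened for user ops\n")
        third = process(follower)
    return first, second, third
```

The DEBUG line never leaves the host, the half-written cron line is only forwarded once it is complete, and the two sshd lines are forwarded with the overridden facility and severity; the defaults apply to anything no rule mentions. Sending is left out so the block runs offline; in practice the strings returned by `process()` would go to the BMC Defender Server over the configured transport.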

Also, a critical application of CO-logmon is monitoring homegrown applications and scripts.

Example

A Unix cron job can periodically run a simple script that performs system checks (such as whether the Syslogd process is running) and logs the results to a file that is monitored by CO-logmon and the BMC Defender Server. This specific instance prevents you from shutting down the Syslogd or other important processes on the system without notification.
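The cron-driven check in this example, written out in Python as an added illustration (not a script shipped with the product): the process list, the result file path and the crontab entry in the comment are this example's assumptions. The idea is that CO-logmon.cnf lists the result file as a monitored file and a match pattern on `syscheck: FAIL` forwards failures to the BMC Defender Server, so a stopped Syslogd is reported within one cron interval.

```python
import os
import subprocess
import time

# Processes that must be running: constructed list for this example.
REQUIRED = ["syslogd", "sshd"]
# File assumed to be listed in CO-logmon.cnf as a monitored file (hypothetical path).
RESULT_FILE = "/var/log/syscheck.log"
# Hypothetical crontab entry that would run this script every five minutes:
#   */5 * * * * /usr/local/bin/syscheck.py


def running_names(ps_output):
    """Parse `ps -eo comm` output (header line, then one command name per line)."""
    lines = ps_output.strip().splitlines()[1:]
    return {os.path.basename(line.strip()) for line in lines if line.strip()}


def missing_processes(ps_output, required=REQUIRED):
    """Names from `required` that do not appear in the process list, in the given order."""
    running = running_names(ps_output)
    return [name for name in required if name not in running]


def result_line(missing, when=None):
    """One line per run; the fixed 'syscheck:' prefix is what a match pattern keys on."""
    ts = time.strftime("%Y-%m-%dT%H:%M:%S", time.localtime(when))
    if missing:
        return f"{ts} syscheck: FAIL missing={','.join(missing)}"
    return f"{ts} syscheck: OK"


def run_check(result_file=RESULT_FILE, required=REQUIRED):
    """Run ps, evaluate the required set, append the verdict to the monitored file."""
    ps = subprocess.run(["ps", "-eo", "comm"], capture_output=True,
                        text=True, check=True).stdout
    line = result_line(missing_processes(ps, required))
    with open(result_file, "a") as f:
        f.write(line + "\n")
    return line


if __name__ == "__main__":
    print(run_check())
```

Writing an `OK` line on every run is deliberate: a monitored file that stops growing is itself a signal (the check did not run, or cron is down), which a server-side rule on missing heartbeats can catch, whereas a file that only records failures is silent in both the healthy and the broken case.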
