CO-Fmon configuration file

The CO-Fmon.cnf file contains all the parameters and specifications related to the program’s operation. This file is found in the same directory as the CO-Fmon.exe program, by default the C:\installationDirectory\wintools\CO-Fmon.cnf file. An example of this file is found in CO-Fmon-cnf-file.

There is no required editing of this file. The installation dialog creates a version of this file that will be adequate for many (and perhaps most) situations. However, if you want to fine tune the parameters of the syslog messages, or to monitor streaming log files in addition to the Windows Event logs, or need to change the location of the BMC Defender syslog destination, the file can be edited with a standard text editor, as explained here, or modified using the Remotely-configuring-BMC-Defender-File-Integrity-Monitor-Adapter.

If the configuration file changes using a manual edit, you must stop the CO-Fmon.exe service and restart the service. Any errors detected while reading the configuration file are logged to the CO-Fmon.log file, in the same directory as the CO-Fmon.exe program and CO-Fmon.cnf file. If the configuration file is changed using a remote configuration operation, no restart of the CO-Fmon.exe program is required.

Detail notes on this file, possibly of interest to administrators or developers, are provided in this section.

Note

The information herein is not necessarily required to install and use the CO-Fmon.exe program but is provided only to support more advanced applications and requirements.

Additional notes

  1. The BMC Defender FIM Adapter configuration file resides in the same directory as the CO-Fmon.exe executable and is the CO-Fmon.cnf file. By default, this file is located in the C:\installationDirectory\wintools directory.
  2. This file is read on Service Startup and contains the name of the destination host, as well as other directives.
  3. The file does not need to be modified and comes ready-to-run. However, you can tailor the file with directory names, match specifications, exclude specifications, and other parameters.
  4. If the configuration file is manually modified directly on the system, the file is read-only on service startup, that means the next time the agent starts there are a large number of changes reported to BMC Defender. You should manually regenerate the Image File using the CO-fmon.exe –generate function.
  5. You can specify a directory folder, and the system recursively descends into all sub-directories, checking all files that match the MatchPatt and do not match the ExclPatt.
  6. The optional RecursionDepth can be used to limit the depth of the scan for a directory folder. If omitted, up to 50 levels of directories re scanned. To scan just the specified directory, specify a RecursionDepth of zero.

The best way to learn about the configuration items is to experiment with the file, adding directives, and then possibly running the CO-Fmon.exe program in foreground (using the -foreground option). With this technique, you can quickly target specific messages on the system.

This section provides information about the following topics:

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*