Event message encryption


As a special facility, the CO-sysmsg.exe program encrypts messages sent to the BMC Defender Server system. To disable this function, the administrator edits the EncryptData directive and sets the value to false. The encryption prevents casual snooping of the data by using a block rotating, time-based cipher that is built into both the BMC Defender Server and the CO-sysmsg.exe program. There is no apparent change to the data displayed. However, if you change the destination address to point to another syslog server, it becomes apparent that the data is encrypted.

The encryption provides a fair degree of protection against network sniffers. However, since a single 1,024-bit private key is used for all the transmissions, this encryption does not protect against man-in-the-middle attacks or replay attacks. This encryption is mainly useful for sending syslog messages across the public internet, where casual observers might intercept and observe the message content.

Note

The encryption is available only with the DestinationAddress directive. Any configured AuxAddress directives receive unencrypted information and are unaffected by any message encryption settings.
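The following audit sketch is an added example, not BMC code: it reports which configured destinations receive plaintext under the rules described above. The line layout (`Directive value` or `Directive=value`, `#` comments), case-insensitive directive names, and encryption being on when EncryptData is absent are assumptions, and the sample configuration is constructed.

```python
import re

# Constructed sample; the line layout is an assumption, not the product's documented format.
SAMPLE_CONFIG = """\
# constructed example, not a real deployment
DestinationAddress 192.0.2.10
EncryptData true
AuxAddress 192.0.2.20
AuxAddress 192.0.2.21
"""


def parse_directives(text):
    """Return (name, value) pairs, skipping blank lines and # comments."""
    pairs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) == 2 and parts[1]:
            pairs.append((parts[0], parts[1].strip()))
    return pairs


def audit(text):
    """Map each destination address to 'encrypted' or 'plaintext'."""
    encrypt = True  # assumed default: on unless EncryptData is set to false
    primary, aux = [], []
    for name, value in parse_directives(text):
        key = name.lower()
        if key == "encryptdata":
            encrypt = value.lower() != "false"
        elif key == "destinationaddress":
            primary.append(value)
        elif key == "auxaddress":
            aux.append(value)
    report = {a: ("encrypted" if encrypt else "plaintext") for a in primary}
    # AuxAddress destinations ignore EncryptData and always get plaintext;
    # an address listed under both directives is reported as plaintext.
    report.update({a: "plaintext" for a in aux})
    return report


def plaintext_destinations(text):
    """Sorted list of destinations that receive unencrypted messages."""
    return sorted(a for a, state in audit(text).items() if state == "plaintext")


if __name__ == "__main__":
    for addr, state in audit(SAMPLE_CONFIG).items():
        print(f"{addr}: {state}")
```

A destination reported as encrypted is still covered only against passive sniffing, since the cipher does not protect against man-in-the-middle or replay attacks.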

 
