Event message encryption
As a special facility, the CO-sysmsg.exe program encrypts messages sent to the BMC Defender Server system. To disable this function, the administrator edits the EncryptData directive and sets the value to false. The encryption prevents casual snooping of the data by using a block-rotating, time-based cipher that is built into both the BMC Defender Server and the CO-sysmsg.exe program. There is no apparent change to the data displayed. However, if you change the destination address to point to another syslog server, it becomes apparent that the data is encrypted.
The encryption provides a fair degree of protection against network sniffers. However, because a single 1,024-bit private key is used for all transmissions, this encryption does not protect against man-in-the-middle attacks or replay attacks. It is mainly useful for sending syslog messages across the public internet, where casual observers might intercept and observe the message content.