BMC Defender Server services and processes


BMC Defender Server employs various processes that collect information, all of which run as persistent background services on the host platform. These programs cooperate in gathering syslog data and organizing it into catalogs (lists of messages related by some common factor, that is, correlated lists of data).

All executable programs reside in the BMC Defender Server or system directory, and are started by the CO-svc.exe program on node startup, or when the BMC Defender Server service is started manually. For proper operation of the BMC Defender Server, the following processes should continuously run, and be visible in the task manager:

| Program | Description |
| --- | --- |
| CO-Syslog.exe | This program listens to UDP port 514, the standard syslog port, and is responsible for receiving and writing messages to the BMC Defender Server/logs directory. The process is designed for speed and can process at least 2000 incoming messages per second, or a burst of 10,000 messages in a single second. The only other function this process performs (other than getting data from the UDP port and writing it to the disk) is the management of filters and overrides configured by the operator. |
| CO-Gendex.exe | This program indexes the data received by the CO-Syslog.exe program, to support the high-speed search engine. The program maintains the files in the BMC Defender Server/logs/dex directory. |
| CO-Devlog.exe | This program manages various screens in BMC Defender, including the Devices screen, Facilities screen, and Severities screen. The program does not listen to any port, but continuously reads the latest syslog data and writes this to the catalogs directory. The program complements the CO-catlog.exe program. |
| CO-Muslog.exe | This program manages various screens in BMC Defender, including the Users screen (similar to the way the preceding CO-Devlog.exe program manages the Devices screen). The program does not listen to any port, but continuously reads the latest syslog data and writes this to the catalogs directory. The program complements the CO-catlog.exe program. |
| CO-Catlog.exe | This program catalogs the data. It does not listen to any port, but continuously reads the latest syslog data and writes this data to the catalogs directory, maintaining index files to this data and updating BMC Defender Server counters. The process is also responsible for executing any actions on the data, discussed further in this section. |
| CO-Action.exe | This program manages the ./queue directory of BMC Defender Server and is responsible for running action programs (and potentially other programs) required by the system. The process should be running on all platforms, unless otherwise specified by BMC Defender Server support. |
| CO-Svc.exe | This program starts the other processes on the system (including the Apache server, if so configured) and can be used to launch other periodic and transient programs hourly, daily, weekly, or monthly. The CO-svc.exe program is the actual interface to the Windows Service Manager. |

Other processes, such as the CO-Maint.exe program, are also launched periodically and are responsible for cleaning log files and catalogs, archiving data, and generating reports. In particular, the CO-Maint.exe program is run nightly, just after midnight, and is responsible for cleaning up log files and catalogs.

The preceding programs form the core BMC Defender Server background processes. They are started and stopped by the Windows Service Manager. In particular, the system can be started via the net start BMC Defender Server command. Additional processes (such as the GenDex.exe search engine index creation program) are occasionally executed by the CO-svc.exe program, as needed.
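
A stopped collector process means syslog data is silently lost, so the "should continuously run" requirement above is worth checking automatically rather than by eye in the task manager. The following PowerShell check is an added example, not part of the BMC documentation or product; it assumes the process names are the executable names from the table without the .exe suffix, and that the Get-NetUDPEndpoint cmdlet is available on the host (Windows Server 2012 or later).

```powershell
# Added example: health check for the core BMC Defender Server processes.
# Assumption: process names equal the executable names on this page minus ".exe".
$expected = 'CO-Syslog','CO-Gendex','CO-Devlog','CO-Muslog','CO-Catlog','CO-Action','CO-Svc'

# Names that are not running simply produce no output here.
$running = Get-Process -Name $expected -ErrorAction SilentlyContinue

# One row per expected process, with the PIDs found (comparison is case-insensitive).
$report = foreach ($name in $expected) {
    $procs = @($running | Where-Object { $_.ProcessName -eq $name })
    [pscustomobject]@{
        Process = "$name.exe"
        Running = $procs.Count -gt 0
        PIDs    = ($procs.Id -join ',')
    }
}
$report | Format-Table -AutoSize

# CO-Syslog.exe is the only listed process that listens on a port (UDP 514).
$syslogPids = @($running | Where-Object { $_.ProcessName -eq 'CO-Syslog' } | ForEach-Object Id)
$udp514     = @(Get-NetUDPEndpoint -LocalPort 514 -ErrorAction SilentlyContinue)

$problems = @()
$problems += $report | Where-Object { -not $_.Running } |
    ForEach-Object { "$($_.Process) is not running" }

if ($udp514.Count -eq 0) {
    $problems += 'Nothing is bound to UDP 514'
} elseif (-not ($udp514 | Where-Object { $syslogPids -contains $_.OwningProcess })) {
    # Another program holding the syslog port means messages never reach the logs directory.
    $problems += "UDP 514 is bound by PID(s) $($udp514.OwningProcess -join ','), not CO-Syslog.exe"
}

if ($problems) {
    $problems | ForEach-Object { Write-Warning $_ }
    exit 1   # non-zero exit so a scheduler or monitoring agent can alert
}
Write-Output 'All core processes are running and CO-Syslog.exe owns UDP 514.'
```

Run it from an elevated PowerShell session on the Defender Server host, for example as a scheduled task whose non-zero exit code raises an alert.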
