Performing the installation as a stand-alone service

This topic describes how to install the BMC Defender SyslogDefender product as a stand-alone service, without BMC AMI Command Center for Security or BMC Defender SIEM Correlation Server on the system. In this installation method, you, as the administrator, configure the SyslogDefender program through direct edits of the applicable configuration files. 

Examine the configuration scenarios in which SyslogDefender is distributed with two model configuration files, and select the scenario that is best suited to your installation environment.

Before you begin

Obtain the installation package as directed by BMC Support. The installation package is a standard Microsoft installation file named BMC-Defender-SyslogDefender-v.r.mm.bbbb.msi. The placeholder v.r.mm.bbbb represents the version number.

To install the SyslogDefender software

1. Navigate to the installation application package, BMC-Defender-SyslogDefender-v.r.mm.bbbb.msi.
2. Right-click the installation application package and select Install.
3. Select the directory where you want to install SyslogDefender. 
   The default installation directory is C:\Program Files\BMC Software\BMC Defender\SyslogDefender. 
4. Click through the installation process. 
   If you have User Access Control enabled, click Yes for the UAC prompt. 

If you encounter any errors that you cannot resolve, contact BMC Support.

To install the service in Windows

1. Open a command prompt with Administrator privileges. 
2. Navigate to the folder where you installed SyslogDefender. 
   The default installation directory is C:\Program Files\BMC Software\BMC Defender\SyslogDefender.

3. (Current SyslogDefender users only) If you are reinstalling SyslogDefender, remove the previous Windows Service installation. At the command prompt, enter the following command:

   CO-SyslogDefender –remove

   If the service is successfully removed, the following message is displayed: CO-SyslogDefender is removed.

   If the service is not successfully removed, one of the following error messages is displayed:

   Message	Description and user response
   OpenService failed w/err 0x00000005	Description: You are not logged on as an Administrator. User response: Close the command window and open it again with Administrator privileges.
   OpenService failed w/err 0x00000424	Description: SyslogDefender is not installed as a Windows service. User response: You can ignore this error and proceed with the next step.

4. Examine the configuration scenarios in which SyslogDefender is distributed with two model configuration files, and select the scenario that is best suited to your installation environment:

   • If this installation is similar to data center configuration, enter the following command:
     CO-SyslogDefender -install Datacenter.cnf
   • If this installation is similar to the remote configuration, enter the following command:
     CO-SyslogDefender -install Remote.cnf

   If the installation is successful, the following message is displayed: CO-SyslogDefender is installed.

   If the installation is not successful, one of the following error messages is displayed:

   Message	Description and user response
   OpenSCManager failed w/err 0x00000005	Description: You are not logged on as an Administrator. User response: Close the command window and open it again with Administrator privileges.
   CreateService failed w/err 0x00000431	Description: SyslogDefender is already installed as a Windows Service. User response: Remove the service with the -remove switch as described in the previous step.

5. Install the required SSL/TLS certificates and keys in a folder that is accessible to SyslogDefender.
   For a description of the different kinds of certificates, see SSL-TLS-overview. The method for creating the certificates and key files is beyond the scope of this documentation.

Where to go from here

Continue to Customizing-after-installation to complete SyslogDefender customization, and then start SyslogDefender as a service.