Administrator's Guide
Templates and Alerts
Template Property Types
Appendix A
if the file’s owner’s UID is 16, and the effective UID of the modifying process is 2 then no
alarm is triggered.
Type V: Network Triplets
The values for this property type consist of network information triplets. The members
of a triplet are as follows:
• IP address: An IP address. For IPv4 the address must be in standard dot notation;
for IPv6, in colon notation.
• Network mask: The network mask value qualifies the value in the IP address field
to an individual host address or a network address. A value of 255.255.255.255
means the value in the IP address field is an individual host address; otherwise, it is
a network address. The network mask follows the notational requirements for IP
addresses.
• Severity code: An integer representing a severity level (0=No Alert, 1=critical,
2=severe, 3=moderate), where a severity level of 0 specifies that no alert should be
generated for a matching {IP address, Network Mask, 0} triplet.
The following template configuration command line gives an example for this type of
property value:
ip_filters | 192.168.0.2, 255.255.255.255,1|\
192.168.20.0, 255.255.255.0, 0
Type VI: Time Strings
Time strings are strings that represent time intervals. Each time string has the
following syntax:
integer [units]
The integer component is a positive integer, representing a time interval. The units
component, when present, indicates the time units that integer is expressed in. The
following units are supported:
• s: Seconds
• m: Minutes
• h: Hours
• d: Days
• w: Weeks
When the units component is not present, the integer component is assumed to be in
units of seconds. For example, the following lines in the template configuration file:
fail_interval | 23
warning_interval | 10m
fail_interval | 1h
warning_interval | 23s
contain time strings representing values of 23 seconds, 10 minutes, 1 hour and 23
seconds; the s component in the last line is redundant, but can be used for clarity.
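The following validator is an added example, not part of the guide or the product: it checks Type V and Type VI values before a template is deployed, so a mistyped mask or severity does not silently change which hosts generate alerts. The function names, the handling of the `|` separator and backslash continuation (inferred from the ip_filters example), and the tolerance for whitespace around the unit letter are assumptions.

```python
import ipaddress
import re

SEVERITY = {0: "no alert", 1: "critical", 2: "severe", 3: "moderate"}
UNIT_SECONDS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

def parse_time_string(text):
    """Type VI: 'integer [units]' -> seconds; a missing unit means seconds."""
    # Assumption: optional whitespace is tolerated around the unit letter.
    m = re.fullmatch(r"\s*([0-9]+)\s*([smhdw]?)\s*", text)
    if not m or int(m.group(1)) <= 0:
        raise ValueError(f"invalid time string: {text!r}")
    return int(m.group(1)) * UNIT_SECONDS[m.group(2) or "s"]

def parse_triplet_line(line):
    """Type V: 'name | ip, mask, sev | ip, mask, sev' -> (name, triplets)."""
    # Assumption: '|' separates triplets and a trailing backslash continues
    # the line, as in the guide's ip_filters example.
    name, _, value = line.replace("\\\n", " ").partition("|")
    triplets = []
    for chunk in value.split("|"):
        fields = [f.strip() for f in chunk.split(",")]
        if len(fields) != 3:
            raise ValueError(f"expected ip, mask, severity: {chunk!r}")
        ip = ipaddress.ip_address(fields[0])    # rejects malformed addresses
        mask = ipaddress.ip_address(fields[1])  # mask uses address notation
        if ip.version != mask.version:
            raise ValueError(f"address/mask family mismatch: {chunk!r}")
        sev = int(fields[2])
        if sev not in SEVERITY:
            raise ValueError(f"severity must be 0-3: {chunk!r}")
        # An all-ones mask marks a single host; anything else is a network.
        # (Treating an all-ones IPv6 mask the same way is an assumption.)
        all_ones = int(mask) == (1 << mask.max_prefixlen) - 1
        scope = "host" if all_ones else "network"
        triplets.append((str(ip), str(mask), scope, SEVERITY[sev]))
    return name.strip(), triplets

# Constructed sample, reusing the values from the guide's examples.
SAMPLE = "ip_filters | 192.168.0.2, 255.255.255.255,1|\\\n192.168.20.0, 255.255.255.0, 0"

if __name__ == "__main__":
    print(parse_triplet_line(SAMPLE))
    for s in ("23", "10m", "1h", "23s"):
        print(s, "->", parse_time_string(s), "seconds")
```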