Administrator's Guide

The idsadmin Command
Appendix D
idsadmin is an IDS command-line administration tool that provides a command prompt
for you to send commands to an idsagent process. In addition, you can receive alerts
and error messages from the agent. See idsadmin (1M).
idsadmin assumes that the steps described in IDS_genAdminKeys (1M),
IDS_genAgentCerts (1M), and IDS_importAgentKeys (1M) have been followed to
correctly generate certificates for secure communication. idsadmin cannot be run as
superuser (root). It is designed to run as the nonprivileged user ids, created at
product-installation time.
CAUTION idsadmin requires agent certificates in /etc/opt/ids/certs/agent for secure
communication. If the system on which idsadmin is run does not have an agent installed
and configured, one can manually create /etc/opt/ids/certs/agent as user ids and
copy the contents of that directory from a system on which agent certificates have been
installed (see IDS_importAgentKeys (1M)).
Synopsis /opt/ids/bin/idsadmin [-h] [-a agent-host] [-c comm-debug-level] [-f schedule] [-i local-interface] [-l alert-error-filename] [-s cipher-suite]
Startup When you invoke idsadmin and the -l option is not specified, idsadmin prompts for an
alert file path where idsadmin will save any alerts and errors received. If the file already
exists, idsadmin appends to it. If this file cannot be created, idsadmin exits with an
error.
Once idsadmin has started, it issues a command prompt.
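The following script is an added example, not part of the original guide or the product. It checks the startup conditions described above (nonprivileged user, agent certificates present, usable alert file) before pushing a schedule non-interactively. The function names idsadmin_preflight and push_schedule, the --push argument and the return codes are this example's own conventions.

```shell
#!/bin/sh
# Added example: pre-flight checks for a non-interactive idsadmin run.
IDSADMIN=/opt/ids/bin/idsadmin        # path from the Synopsis
CERT_DIR=/etc/opt/ids/certs/agent     # path from the CAUTION note

# idsadmin_preflight UID CERT_DIR ALERT_FILE
# Return codes (this script's own convention, not idsadmin's):
#   0 ok, 1 running as root, 2 certificates missing, 3 alert file unusable
idsadmin_preflight() {
    pf_uid=$1; pf_certs=$2; pf_alerts=$3
    if [ "$pf_uid" -eq 0 ]; then
        echo "idsadmin cannot be run as root; switch to user ids" >&2
        return 1
    fi
    # The directory must exist, be readable and actually contain files.
    if [ ! -d "$pf_certs" ] || [ ! -r "$pf_certs" ] ||
       [ -z "$(ls -A "$pf_certs" 2>/dev/null)" ]; then
        echo "no agent certificates in $pf_certs" >&2
        return 2
    fi
    # idsadmin appends to an existing alert file and exits with an error
    # if it cannot create a new one, so check both cases up front.
    if [ -e "$pf_alerts" ]; then
        if [ ! -f "$pf_alerts" ] || [ ! -w "$pf_alerts" ]; then
            echo "cannot append to $pf_alerts" >&2
            return 3
        fi
    else
        pf_dir=$(dirname "$pf_alerts")
        if [ ! -d "$pf_dir" ] || [ ! -w "$pf_dir" ]; then
            echo "cannot create $pf_alerts" >&2
            return 3
        fi
    fi
    return 0
}

# push_schedule AGENT_HOST SCHEDULE_FILE ALERT_FILE
# Passing -l avoids the interactive alert-file prompt described under Startup.
push_schedule() {
    idsadmin_preflight "$(id -u)" "$CERT_DIR" "$3" || return $?
    [ -r "$2" ] || { echo "schedule file $2 not readable" >&2; return 4; }
    "$IDSADMIN" -a "$1" -f "$2" -l "$3"
}

# Run only when called as: script --push AGENT_HOST SCHEDULE_FILE ALERT_FILE
if [ "${1:-}" = "--push" ] && [ $# -eq 4 ]; then
    push_schedule "$2" "$3" "$4"
fi
```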
Options -h Display a brief synopsis of the commands and exit.
-a agent-host
Specify the host name or IP address of the agent to monitor. By default,
the local host name is used. Use this option if the local host is
multihomed, or if the agent host is remote.
-c comm-debug-level
Specify the communication debug level for printing error and debug
messages. comm-debug-level can have the values 1 for low, 2 for
medium, and 3 for high. Useful for troubleshooting.
-f schedule
Specify an ASCII surveillance schedule file to be sent to and
activated by idsagent. idsadmin waits several seconds for potential
error messages before exiting. An ASCII schedule can be obtained
using the Save function under the Details tab in Schedule Manager
within the IDS System Manager, or by modifying the sample schedule
/opt/ids/share/examples/idsadmin_schedule. See “Template
Configuration Syntax” on page 178 for more information on how to
configure the ASCII schedule.
-i local-interface