Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP Host Intrusion Detection System (HIDS)

251

252

253

254

255

256

257

258

259

260

Troubleshooting

Appendix G

246

Starting the HP-UX HIDS System Manager in the background

Please wait....

In either case, you can try running the command again.

The solution is to apply the latest Software Distributor (SD) Cumulative Patch. For 11.0,

install PHCO_25875 or a superseding patch, if any. For 11i and 11i version 1.6, install

PHCO_25887 or a superseding patch, if any.

Large ﬁles in /var/opt/ids

❏ The communication between idskerndsp and idscor uses a memory-mapped ﬁle,

which normally only exists (in the /var/opt/ids directory) when a surveillance

schedule is running. The ﬁles are named ids_

, where

is incremented from 1001

for each activated schedule.

❏ If idsagent has a problem, the ﬁles may not be deleted normally. If no schedule is

running on the agent, there should be no ids_

ﬁles. You can safely delete them with

the rm command.

Log ﬁles are ﬁlling up

❏ The log ﬁles on both the agent and the administration systems can grow without

bounds. It’s a good idea to practise log ﬁle rotation. See “Log File Rotation” on

page 205.

No Agent Available

❏ The Status ﬁeld for an agent on the System Manager screen shows No Agent

Available. See also “Agent and System Manager cannot communicate with each

other” on page 240.

1. Is the agent running? On the agent host, run

ps -ef | grep idsagent

If there is no entry for idsagent, start the agent on the agent system, as in

“Starting HP-UX HIDS Agents” on page 52

Then, on the System Manager screen, click the Status button.

2. Is the IP address for the agent correct in the Host Manager screen? Test with

nslookup.

3. Is the Domain Name Service (DNS) set up correctly? Test with nslookup.

4. Can the administration system communicate with the agent system? Test with

ping.

5. Is theagent communicating correctly with the administration system? Check the

entry for REMOTEHOST in the /etc/opt/ids/ids.cf agent conﬁguration ﬁle. It

must be set to the host name or IP address of the administration system. If the

INTERFACE variable is set to an IP address (other than 0.0.0.0) in

/opt/ids/bin/idsgui on the administration system, REMOTEHOST must be set to

the same value. See “Conﬁguring a Multihomed Administration System” on

page 27 and “Setting Up the HP-UX HIDS Secure Communications” on

page 20“Setting Up the HP-UX HIDS Secure Communications” on page 20.