Host Intrusion Detection System Administrator's Guide Release 3.0

ManualsBrandsHP ManualsSoftwareHP-UX Host Intrusion Detection System Software

111

112

113

114

115

116

117

118

119

120

Network Node Screen

Chapter 7

101

Network Node Screen

The Network Node screen contains lists of alerts and errors that have been detected by

the related agent. Click the Alerts or Errors tab to see the lists and details panels.

Alerts are recorded on the agent host system in the ﬁle /var/opt/ids/alert.log.

Errors are recorded on the agent host system in the ﬁle /var/opt/ids/error.log.

When the System Manager is running and the agent is active, copies of the alert records

are sent to the administration system and added to a ﬁle named

/var/opt/ids/gui/logs/

hostname

_alert.log, where

hostname

is the name of the

agent host as displayed on the Host Manager screen. Error records are copied to

/var/opt/ids/gui/logs/

hostname

_error.log.

When the System Manager is not running, the alerts and errors are not transmitted but

are still stored locally.

When the Network Node screen is selected for an active agent host, it displays all the

alert and error messages that are in the standard System Manager log ﬁles for the

agent. If the agent host is resynchronized from the System Manager screen, the

Network Node screen also displays all the previous alerts and errors that have been

received from the agent. See “Resynchronizing Agent Hosts” on page 49 for more

information.

Earlier alerts and errors may also be viewed by opening the log ﬁle set directly. See

“Opening a Log File Set” on page 111.

By default, only the most important error messages are logged by the agent and sent to

the System Manager. More detailed error logs are possible. See “The idsagent

Command” on page 207 for details.

Opening a Network Node Screen

To display the Network Node screen for an agent host

Step 1. Go to the System Manager screen and do one of:

• Select a host in the Monitored Nodes list and choose the View > Network Node

menu item

• Select a host in the Monitored Nodes list and press Ctrl-B

• Double-left-click an entry in the Monitored Nodes list

The Network Node screen is displayed with the selected host name in the title bar

(Figure 7-1 on page 102 or Figure 7-2 on page 104).

Closing a Network Node Screen

To close a Network Node screen

Step 1. On the Network Node screen, do one of:

• Choose the File > Close menu item

• Press Ctrl-C

If unsaved changes have been made to an open ﬁle set, they are saved automatically.