Host Intrusion Detection System Administrator's Guide Release 3.0
Templates and Alerts
Login/Logout Template
Appendix A
169
Login/Logout
This template generates and forwards the following alert to a response program when an
a successful login or logout occurs:
Table A-20 Login/Logout Alert Properties
Response
Program
Argument
Alert
Field
Alert
Field
Type
Alert Value/Format Description
argv[1] Template
code
Integer 7 Unique code
assigned to
template
argv[2] Version Integer 2 Version of the
template
argv[3] Severity Integer 2 for user root or ids and1 if specified by an
ip filter property.3 for all other users, and
higher (1 or 2) if specified by an ip filter
property.
Severity
argv[4] UTC Time Integer <secs> UTC time in
numberofseconds
since epoch when
a successful login,
logout, or su event
occurs.
argv[5] <Empty> n/a n/a This field is empty
argv[6] <Empty> n/a n/a This field is empty
argv[7] Summary String "Start of a Successful Login session"
or
"End of a Login session"
Alert summary
argv[8] Details String “User <username> logged-in on <pty>
(REMOTE: <fully qualified host name>
<IP address>)
or
User <username> logged-out from a
session on <pty>”
Detailed alert
description
argv[9] Local
Time
Integer <secs> Local time in
numberofseconds
since epoch when
a successful login
or logout occurs.