Host Intrusion Detection System Administrator's Guide Release 3.0

ManualsBrandsHP ManualsSoftwareHP-UX Host Intrusion Detection System Software

181

182

183

184

185

186

187

188

189

190

Templates and Alerts

Template Conﬁguration Syntax

Appendix A

178

Template Conﬁguration Syntax

This section describes the syntax used to specify template properties in the ascii version

of a schedule (i.e., /var/opt/ids/schedule). The syntax for specifying template

property values is also used when entering values in the Schedule Manager window.

NOTE A copy of the ascii schedule can be obtained using one of the following methods:

• Retrieve a schedule on the agent system at /var/opt/ids/schedule when a

schedule is running.

• Use the Save function under the Details tab in Schedule Manager within the System

Manager window and retrieve the schedule from the /var/opt/ids/gui/logs/

directory on the administration system.

• Use the sample ascii schedule that can be found at

/opt/ids/share/examples/idsadmin_schedule on an agent system.

A template conﬁguration ﬁle consists of a set of command lines. A command line has the

following syntax:

Property-name | N1 | N2 |... | Np

NOTE In the Schedule Manger window, only the property values "N1 | N2 |... | Np" are

entered when setting a template property. Do not enter the Property-name or the ﬁrst

pipe(|) character in the example when entering a template property in template

property edit window.

The following semantics are used when parsing command lines:

• Multiple consecutive occurrences of space

A template conﬁguration ﬁle shall consist of a set of command lines. A command line

shall have the following general layout:

Property-name | N1 | N2 |... | Np

Each command line has the following characteristics:

• Multiple consecutive occurrences of space and tab characters are equivalent to a

single space character.

• The hash character (#) is the comment character. Everything to the right of the

comment character till the end of the command line will be ignored.

• The comment character can be placed anywhere in a command line.

• Blank lines are ignored.

• A command line is terminated by a new line character \n, unless such character is

immediately preceded by a backslash character‚ in which case the new line character

is ignored. This allows for a logical command line to be spread over several physical

lines.