Manualshelf

Host Intrusion Detection System Administrator's Guide Release 3.0

ManualsBrandsHP ManualsSoftwareHP-UX Host Intrusion Detection System Software
191192193194195196197198199200
Templates and Alerts
Template Configuration Syntax
Appendix A
179
If a filename contains a pipe (|), ampersand (&) or comma (,) character, then those
special characters must be escaped using a backslash (/) character because these
three characters are used as delimiters by the template property syntax. See “UNIX
Regular Expressions” on page 126 for an example.
property type is the name of a template property. Template property names are
subject to the following constraints:
It must consist of a sequence of at most 64 characters, where each character
must be in the following set: alphabetic (uppercase or lowercase), numerical (0 to
9), the underscore character (_), and the dash character (-).
Property names are case-insensitive
Each Ni is a particular value for the property-name in a given command line.
Property values are separated from property-name and from each other by a pipe
character (|).
The actual interpretation of each property value will depend on the specific
property-name with which it is associated. Property types are listed on “Template
Property Types” on page 129. The valid interpretations are the following:
A positive integer, possibly followed by a units symbol.
A regular expression. Regular expressions can comprise the reserved separator
characters, which should then be escaped by a backslash character.
A group of ampersand-separated subvalues Si, :
S1 & S2 & ... Sq
The interpretation of these subvalues will again depend on the particular
property they are assigned to. This is however mainly meant to be used in the
pathnames/programs lists listed on “Type II: Pathnames/Programs Pairs” on
page 130).
A group of comma-separated subvalues Ti:
T1, T2,..., Tn
The subvalues are integers, the interpretation of which will depend on the
particular property they are assigned to.
Any property-name can have an arbitrarynumber of property values, but it must
have at least one. Properties without any values are considered to be an error.