Host Intrusion Detection System Administrator's Guide Release 3.0
The idsadmin Command
The idsadmin Command
Appendix D
212
Specify the host name or IP address of the local host where idsadmin
should accept connections from the agent. By default, the local host
name is used. Use this option if the local host is multihomed (has two
or more IP addresses).
-l
alert/error-filename
Specify the path name of a file to store alert and error messages sent
by the agent. If the file already exists, idsadmin appends to it.
-s
cipher-suite
Specify the RSA cipher suite for secure communication with the agent.
Commands idsadmin provides the following commands (case is ignored):
load Load a surveillance schedule into the idsagent process. An error is
returned if a surveillance schedule is already running or is scheduled
to run. The load command overwrites any previously loaded
surveillance schedule.
ping Send an application level ping to the idsagent process. If it can be
contacted and reply, it indicates that the agent is alive and
communication settings are correct.
remove Delete the currently loaded surveillance schedule from the idsagent
process. A schedule cannot be removed if it is currently running or
scheduled to run.
resync Resynchronize with the idsagent process. resync prompts for a start
date. It then gathers any alerts from the idsagent process, which have
occurred since the date entered. Alerts are displayed in the order they
were generated. idsadmin maintains no state information for each
agent node.
Use resync if the idsadmin program is not running but the idsagent
process is still gathering data and monitoring events.
shutdown Shut down the idsagent process. shutdown will halt all agent
processing and force all HP-UX Host IDS processes to exit.
start Start the previously loaded surveillance schedule running on the
idsagent process. An error is returned if no surveillance schedule is
loaded or if a surveillance schedule is already running or is scheduled
to run.
status Query the status of the idsagent process. status returns the name of
the previously loaded surveillance schedule (if any) and whether the
surveillance schedule is running, scheduled to run, or loaded.
stop Stop the currently running or scheduled surveillance schedule on the
idsagent process. If no surveillance schedule is loaded, running, or
scheduled to run, an error is returned.
If a command expects a response from the idsagent process, idsadmin will pause for a
reply. If no reply is received within a timeout period of 12 seconds, an error is displayed.