Host Intrusion Detection System Administrator's Guide Release 3.0
The Agent Configuration File
Appendix E
Global Configuration
The Global section is bracketed by the [global]...[END] keywords. Only the parameters
in Table E-1 may be edited.
CAUTION: Do not edit any other variables between [global] and its [END] tag.
The editable parameters are defined as follows:
IDS_ALERTFILE
    The full path name to the alert log file for this HP-UX HIDS agent
    process. Any alerts resulting from intrusive activity detected by the
    agent software will be logged to this file.

IDS_ERRORFILE
    The full path name to the error log file for this HP-UX HIDS agent
    process. Any errors generated in the operation of the agent software
    will be logged to this file.

IDS_LISTEN_IFACE
    The IP address or host name associated with the agent system’s
    network interface card.
    On a system with only one IP address, this parameter does not need to
    be specified.
    On a multihomed system (a system with more than one network
    interface card) this parameter is required. See “Configuring a
    Multihomed Agent System” on page 25 for configuration information.

IDS_RESPONSE_DIR
    The full path name to the automated response directory containing
    executable binary or script programs that are executed on the agent
    node when an alert is generated. The programs can take any actions
    that you deem appropriate. See Appendix B, “Automated Response,” on
    page 181 for information on writing response scripts.

Table E-1  Global Configuration Variables

Name                Default Value
IDS_ALERTFILE       /var/opt/ids/alert.log
IDS_ERRORFILE       /var/opt/ids/error.log
IDS_LISTEN_IFACE    ""
IDS_RESPONSE_DIR    /opt/ids/response
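
An added example, not part of the HP guide: because programs in IDS_RESPONSE_DIR are executed on the agent node whenever an alert is generated, and the alert and error logs are the agent's record of events, a useful check is that none of these paths is writable by group or other. The function names and the group/other-writable criterion are assumptions of this example; the default paths are those in Table E-1.

```shell
#!/bin/sh
# Added example: permission audit for the paths set in the [global] section.
# Usage (after sourcing): audit_ids_paths [response_dir] [alert_file] [error_file]

# Print $1 itself if it exists and is group- or world-writable (no recursion).
# Symbolic links are skipped because their own mode bits carry no meaning.
loose_self() {
    [ -e "$1" ] || return 0
    find "$1" -prune ! -type l \( -perm -0020 -o -perm -0002 \) -print
}

# Print every entry at or below directory $1 that is group- or world-writable.
loose_tree() {
    [ -d "$1" ] || return 0
    find "$1" ! -type l \( -perm -0020 -o -perm -0002 \) -print
}

# Audit the response directory (recursively), its parent, the two log files
# and the directories that hold them. Prints one finding per line; no output
# means no loose permissions were found.
audit_ids_paths() {
    response_dir=${1:-/opt/ids/response}
    alert_file=${2:-/var/opt/ids/alert.log}
    error_file=${3:-/var/opt/ids/error.log}
    {
        loose_tree "$response_dir"
        for p in "$(dirname "$response_dir")" \
                 "$alert_file" "$(dirname "$alert_file")" \
                 "$error_file" "$(dirname "$error_file")"; do
            loose_self "$p"
        done
    } | sort -u
}
```

If IDS_RESPONSE_DIR, IDS_ALERTFILE or IDS_ERRORFILE have been changed from their defaults, pass the configured paths as arguments.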