Host Intrusion Detection System Administrator's Guide Release 3.0

ManualsBrandsHP ManualsSoftwareHP-UX Host Intrusion Detection System Software

241

242

243

244

245

246

247

248

249

250

Troubleshooting

Summary

Appendix G

238

Summary

This appendix describes various steps you can take in resolving problems on the agent

and administrative systems. The topics are:

• “Agent and System Manager cannot communicate with each other” on page 240

• “Agent complains that idds has not been enabled, yet lsdev shows /dev/idds is

present” on page 241

• “Agent does not start on system boot” on page 241

• “Agent halts abnormally, leaving ids_* ﬁles and message queues” on page 242

• “Agent host appears to hang and/or you see message “disk full”” on page 242

• “Agent needs further troubleshooting” on page 242

• “Agent does not start after installation” on page 243

• “Agents appear to be stuck in polling status” on page 243

• “Alert date/time sort seems inconsistent” on page 243

• “Alerts are not being displayed in the alert browser” on page 243

• “Duplicate alerts appear in System Manager” on page 244

• “Buffer overﬂow triggers false positives” on page 244

• “Idsadmin needs installed agent certiﬁcates” on page 244

• “Idsadmin notiﬁes of bad certiﬁcate when pinging a remote agent” on page 244

• “IDS_checkInstall fails with a kmtune error” on page 245

• “IDS_genAdminKeys or IDS_genAgentCerts does not complete successfully” on

page 245

• “IDS_genAdminKeys or idsgui quits early” on page 245

• “Large ﬁles in /var/opt/ids” on page 246

• “Log ﬁles are ﬁlling up” on page 246

• “No Agent Available” on page 246

• “Normal operation of an application generates heavy volume of alerts” on page 247

• “Reﬂection X rlogin produces multiple login and logout alerts” on page 247

• “Schedule Manager timetable screen appears to hang” on page 247

• “SSH does not perform a clean exit after idsgent is started” on page 247

• “System Manager appears to hang” on page 248

• “System Manager does not let you save ﬁles to speciﬁc directories” on page 248

• “System Manager does not start after idsgui is started” on page 248

• “System Manager starts with no borders or title bar in X client programs on

Windows” on page 248