Manualshelf

Host Intrusion Detection System Administrator's Guide Release 3.0

ManualsBrandsHP ManualsSoftwareHP-UX Host Intrusion Detection System Software
61626364656667686970
System Manager Screen
Resynchronizing Agent Hosts
Chapter 4
49
Resynchronizing Agent Hosts
The HP-UX HIDS agent program can continue to detect alerts when the HP-UX HIDS
System Manager is not running. In this instance, as each agent detects intrusions, it
records them in a log file on the agent host. When you restart the HP-UX HIDS System
Manager, the following events occur:
1. The System Manager locates its own log files for each agent host in the Monitored
Host list.
2. If Automatic Startup Status Poll is enabled (see “General Preferences” on page 116),
the monitored hosts are polled for their status. If they are Scheduled or Running,
their subsequent alerts and errors are added to the System Manager’s log files.
3. If Automatic Startup Alert Resynchronization is enabled (see “General Preferences”
on page 116), any alerts in each agent’s log file that are newer than the latest one in
the System Manager’s alert log file for that agent are transferred to the System
Manager. If the alert log file for that agent is empty, all alerts are transferred.
TIP To avoid reloading deleted alerts, just retain the most recent alert message.
The error log files are not resynchronized.
If Automatic Startup Status Poll is disabled, you must poll the status of the agent hosts
before you can resynchronize them. See “Getting the Status of Agent Hosts” on page 48.
If Automatic Startup Alert Resynchronization is disabled, use the following procedure to
synchronize them.
To resynchronize agent hosts
On the System Manager screen,
Step 1. In the Monitored Hosts list, select the hosts you want to resynchronize. The status of
these hosts must be Available, Scheduled, or Running.
Step 2. Do one of the following:
Click the Resync button
Choose the Actions > Resync menu item
Press Shift-F6
Right-click (in the Monitored Hosts area) and select Resync from the menu
Any alerts in each agent’s log file that are newer than the last one seen by the System
Manager are transferred to the System Manager’s log files. The numbers will be updated
on the Monitored Hosts list and the alerts and errors will be displayed on the Network
Node screen for each host. The updates will continue as alerts and errors are generated
and the System Manager is running.