Host Intrusion Detection System Administrator's Guide Release 3.1
Templates and Alerts
Login/Logout Template
Appendix A
Login/Logout
Table A-20 lists the alerts that this template generates and forwards to a response
program when a successful login or logout occurs.
Table A-20 Login/Logout Alert Properties
| Response Program Argument | Alert Field | Alert Field Type | Alert Value/Format | Description |
|---|---|---|---|---|
| argv[1] | Template code | Integer | 7 | Unique code assigned to template |
| argv[2] | Version | Integer | 2 | Version of the template |
| argv[3] | Severity | Integer | 2 for user root or ids and 1 if specified by an ip filter property. 3 for all other users, and higher (1 or 2) if specified by an ip filter property. | Alert Severity |
| argv[4] | UTC Time | Integer | <secs> | UTC time in number of seconds since epoch when a successful login, logout, or su event occurred. |
| argv[5] | <Empty> | n/a | n/a | This field is empty |
| argv[6] | <Empty> | n/a | n/a | This field is empty |
| argv[7] | Summary | String | Start of a Successful Login session or End of a Login session | Alert summary |
| argv[8] | Details | String | User <username> logged-in on <pty> (REMOTE: <fully qualified host name> <IP address>) or User <username> logged-out from a session on <pty> | Detailed alert description |
| argv[9] | Local Time | Integer | <secs> | Local time in number of seconds since epoch when a successful login or logout occurred. |
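
The argument layout in Table A-20 can be consumed by a response program as follows. This is an added example, not code from the guide or the product: the function names, the key=value output format, and the character allow-list are assumptions, as is the tolerance for a login Details string that lacks the REMOTE clause.

```sh
#!/bin/sh
# Added example; function names and output format are assumptions.

# Replace every character outside a conservative set, so values taken from
# the alert (user, host) cannot inject extra fields or lines into a log.
clean() { printf '%s' "$1" | tr -c 'A-Za-z0-9._:/-' '?'; }

is_uint() { case "$1" in ''|*[!0-9]*) return 1 ;; esac; }

# Usage: parse_login_alert "$@"   ($1..$9 correspond to argv[1]..argv[9])
parse_login_alert() {
    [ "$#" -ge 9 ] || { echo "error=too_few_args"; return 2; }
    # Template code 7 identifies the Login/Logout template.
    [ "$1" = 7 ] || { echo "error=not_login_logout_template"; return 3; }
    is_uint "$3" && is_uint "$4" || { echo "error=bad_integer"; return 4; }
    sev=$3 utc=$4 details=$8 host= ip=
    case "$details" in
        "User "*" logged-in on "*)
            event=login
            rest=${details#"User "}
            user=${rest%%" logged-in on "*}
            rest=${rest#*" logged-in on "}
            pty=${rest%% *}
            case "$rest" in
                *" (REMOTE: "*")")
                    r=${rest#*" (REMOTE: "}; r=${r%")"}
                    case "$r" in
                        *" "*) host=${r%% *}; ip=${r##* } ;;
                        *)     host=$r ;;
                    esac ;;
            esac ;;
        "User "*" logged-out from a session on "*)
            event=logout
            rest=${details#"User "}
            user=${rest%%" logged-out from a session on "*}
            pty=${rest#*" logged-out from a session on "}
            ;;
        *) echo "error=unrecognized_details"; return 5 ;;
    esac
    # The table singles out users root and ids for severity 2.
    case "$user" in root|ids) priv=yes ;; *) priv=no ;; esac
    printf 'event=%s user=%s pty=%s host=%s ip=%s severity=%s utc=%s privileged=%s\n' \
        "$event" "$(clean "$user")" "$(clean "$pty")" \
        "$(clean "$host")" "$(clean "$ip")" "$sev" "$utc" "$priv"
}
```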