HP-UX Host Intrusion Detection System Release 4.1 Release Notes for HP-UX 11i v1 | HP-UX 11i v2
Example 1-1 Invalid Modification - Scenario 1
In this example, the GUI Schedule Manager allows the administrator to enter an unequal
number of pathnames_X and programs_X pathname groups:
pathnames_1 | file1 & file2 | file3 | file4
programs_1 | prog1 | prog2
However, the administrator will not be able to activate the schedule as there is no
corresponding program for file4.
Example 1-2 Invalid Modification - Scenario 2
In this example, the GUI Schedule Manager allows the administrator to enter an empty
pathname or program when editing a pathnames_X or a programs_X template
property:
pathnames_1 | file1 | | file2
programs_1 | prog1 | prog2
As there is no valid pathname value between the two pipe delimiters, the GUI Schedule
Manager fails to parse the schedule when the administrator tries to activate it.
Diagnosing the Problem
Run the idsadmin --activate <schedule_name> command to print useful
diagnostic information, including the line number of the schedule file entry that caused
a parsing error. The idsadmin command provides detailed error messages that can
help administrators diagnose and resolve the problem.
IMPORTANT: The GUI System Manager must be closed before directly editing a
Surveillance Schedule or Group in a text editor. Otherwise, changes made using an
editor will be overwritten by the GUI System Manager when it exits.
TIP: HP recommends that administrators periodically keep backup copies of Surveillance
Schedules and Groups files in case they need to be restored.
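The two invalid modifications in Examples 1-1 and 1-2 can be caught before activation with a check like the one below. This is an added example, not HP code: it assumes the property lines have the "name | group | group" layout shown in the examples, and the function name check_template_properties is hypothetical.

```python
import re

# Constructed sample input: the property lines from Examples 1-1 and 1-2
# (Example 1-2 renumbered to _2 so both fit in one sample) plus a valid pair.
SAMPLE = """\
pathnames_1 | file1 & file2 | file3 | file4
programs_1 | prog1 | prog2
pathnames_2 | file1 | | file2
programs_2 | prog1 | prog2
pathnames_3 | file1 | file2
programs_3 | prog1 | prog2
"""

PROP = re.compile(r"^(pathnames|programs)_(\w+)$")


def check_template_properties(text):
    """Return sorted (line_number, message) tuples for invalid property lines."""
    problems = []
    counts = {}  # suffix X -> {"pathnames": (line_no, n), "programs": (line_no, n)}
    for line_no, line in enumerate(text.splitlines(), start=1):
        fields = [f.strip() for f in line.split("|")]
        match = PROP.match(fields[0])
        if not match:
            continue  # not a pathnames_X / programs_X property line
        kind, suffix = match.groups()
        values = fields[1:]
        # Scenario 2: nothing between two pipe delimiters.
        for pos, value in enumerate(values, start=1):
            if not value:
                problems.append((line_no, f"{fields[0]}: entry {pos} is empty"))
        # Count only non-empty groups so an empty entry is reported once.
        counts.setdefault(suffix, {})[kind] = (line_no, len([v for v in values if v]))
    # Scenario 1: every pathname group needs a corresponding program group.
    for suffix, pair in sorted(counts.items()):
        p_line, p_count = pair.get("pathnames", (None, 0))
        g_line, g_count = pair.get("programs", (None, 0))
        if p_count != g_count:
            problems.append((p_line or g_line,
                             f"pathnames_{suffix} has {p_count} group(s) "
                             f"but programs_{suffix} has {g_count}"))
    return sorted(problems)


if __name__ == "__main__":
    for line_no, message in check_template_properties(SAMPLE):
        print(f"line {line_no}: {message}")
```

A clean result here does not replace idsadmin --activate, which remains the authoritative parser for the schedule file.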
Incorrectly Formatted raw Reports Sent as an Email
Reports in raw format that are generated in /var/opt/ids/reports are formatted
correctly. However, if the raw report is sent to an email address using the --email-to
option, then the report may not be formatted correctly. For example, long entries in a
raw report can be broken up across multiple lines, and reports generated when
specifying the : character as a delimiter (using the --report-delimiter option)
may not include the first few entries.