HP-UX Host Intrusion Detection System Version 4.1 Administrator's Guide
7 Using the Network Node Screen
This chapter describes the Network Node screen, which displays alerts and errors for
a specified agent host. It addresses the following topics:
• “Network Node Screen” (page 113)
• “Alerts Tab” (page 114)
• “Errors Tab ” (page 116)
• “General Operations” (page 117)
Network Node Screen
The Network Node screen contains lists of alerts and errors that have been detected
by the related agent. Click the Alerts or Errors tab to view the lists and details.
Alerts are recorded on the agent host system in the /var/opt/ids/alert.log file.
Errors are recorded on the agent host system in the /var/opt/ids/error.log
file.
When the System Manager is running and the agent is active, copies of the alert records
are sent to the administration system and added to a file named
/var/opt/ids/gui/logs/hostname_alert.log, where hostname is the name
of the agent host as displayed on the Host Manager screen. Error records are copied
to /var/opt/ids/gui/logs/hostname_error.log.
When the System Manager is not running, alerts and errors are not transmitted but are
still stored locally in the host.
When the Network Node screen is selected for an active agent host, it displays all the
alert and error messages that are in the standard System Manager log files for the agent.
If the agent host is resynchronized from the System Manager screen, the Network
Node screen also displays all the previous alerts and errors that were received from
the agent. For more information, see “Resynchronizing Agent Hosts” (page 63).
You can also view previous alerts and errors by opening the log file set directly. For
more information, see “Opening a Log File Set” (page 124).
By default, only the most important error messages are logged by the agent and sent
to the System Manager. You can create more detailed error logs if needed.
Opening a Network Node Screen
To display the Network Node screen for an agent host, follow these steps:
Network Node Screen 113