HP-UX Host Intrusion Detection System Version 4.1 Administrator's Guide
Table B-1 Additional Arguments Passed to Response Programs for Kernel Template Alerts (continued)

| Response Program Argument | Alert Field | Alert Field Type | Alert Value/Format | Description |
|---|---|---|---|---|
| argv[34] | Attacker hostname | String | <hostname> | Full host name of remote host from which the attacker has logged in. Set to localhost name or to an empty string if the local host is not known. |
| argv[35] | Attacker IP address | String | <A.B.C.D> (IPv4) or <::ffff:A.B.C.D> (IPv6) | IP address (in IPv4 or IPv6 string notation) of the remote host from which the attacker logged in. Set to an empty string if the address is not known. |
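The following is an added example, not code from this guide or from HP: a response program written in C that reads argv[34] and argv[35] defensively before logging or acting on them. The function names, the character allow-list for the hostname, and the reduction of the ::ffff:A.B.C.D form to plain IPv4 are assumptions of this example; it relies only on the POSIX calls inet_pton and inet_ntop.

```c
#include <arpa/inet.h>
#include <ctype.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
enum { ARG_ATTACKER_HOST = 34, ARG_ATTACKER_IP = 35 }; /* Table B-1 */

/* argv[idx], or "" when fewer arguments were passed (field absent). */
static const char *alert_arg(int argc, char **argv, int idx) {
    return (idx < argc && argv[idx] != NULL) ? argv[idx] : "";
}

/* Copy argv[34] to out; bytes outside [A-Za-z0-9.-] become '?' so the
 * value is safe in a log line. Returns the number of bytes replaced. */
int attacker_host(int argc, char **argv, char *out, size_t outlen) {
    const char *s = alert_arg(argc, argv, ARG_ATTACKER_HOST);
    size_t i = 0;
    int replaced = 0;
    for (; s[i] != '\0' && i + 1 < outlen; i++) {
        int ok = isalnum((unsigned char)s[i]) || s[i] == '.' || s[i] == '-';
        out[i] = ok ? s[i] : '?';
        replaced += !ok;
    }
    if (outlen > 0) out[i] = '\0';
    return replaced;
}

/* Normalise argv[35] into out; ::ffff:A.B.C.D is reduced to A.B.C.D.
 * Returns 4 or 6 (family), 0 if empty (not known), -1 if invalid. */
int attacker_ip(int argc, char **argv, char *out, size_t outlen) {
    const char *s = alert_arg(argc, argv, ARG_ATTACKER_IP);
    struct in_addr a4; struct in6_addr a6;
    if (outlen > 0) out[0] = '\0';
    if (*s == '\0') return 0;
    if (inet_pton(AF_INET, s, &a4) != 1) {
        if (inet_pton(AF_INET6, s, &a6) != 1) return -1;
        if (!IN6_IS_ADDR_V4MAPPED(&a6))
            return inet_ntop(AF_INET6, &a6, out, (socklen_t)outlen) ? 6 : -1;
        memcpy(&a4, &a6.s6_addr[12], sizeof a4);
    }
    return inet_ntop(AF_INET, &a4, out, (socklen_t)outlen) ? 4 : -1;
}

int main(int argc, char **argv) {
    char host[256], ip[INET6_ADDRSTRLEN];
    int replaced = attacker_host(argc, argv, host, sizeof host);
    int family = attacker_ip(argc, argv, ip, sizeof ip);
    printf("host=%s replaced=%d family=%d ip=%s\n", host, replaced, family, ip);
    return family < 0;
}
```

A return of 0 from attacker_ip corresponds to the empty string that Table B-1 specifies for an unknown address, so a response program can skip any address-based action in that case.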
Table B-2 lists the additional arguments that are passed to response programs for
suppressed alerts.
Table B-2 Additional Arguments Passed to Response Programs for Suppressed Alerts

| Response Program Argument | Alert Field | Alert Field Type | Alert Value/Format | Description |
|---|---|---|---|---|
| argv[36] | Number of suppressed alerts | Integer | <number of suppressed alerts> | Number of duplicate alerts that were suppressed. |
| argv[37] | Unit of time (can be seconds, minutes, hours, or days). The default is seconds. | Integer | <time unit> | Time elapsed when duplicate alerts were suppressed |
Table B-3 (page 197) lists the additional arguments that are passed to response
programs for Race Condition Template alerts.
196 Automated Response for Alerts