HP-UX Host Intrusion Detection System Version 4.1 Administrator's Guide
Table B-4 Additional Arguments Passed to Response Programs for Login or Logout
Alerts
DescriptionAlert Value/FormatAlert Field TypeAlert Field
Response Program
Argument
The number 1
indicates that it is a
login or logout
alert.
IntegerNumber
indicating the
type of alert
argv [10]
Name of the user
who logged in or
logged out.
<username>
StringUser name
argv [11]
Device number of
device associated
with login session.
<device
number>
IntegerDevice number
argv [12]
Name of remote
host from which
login was initiated
<remote
hostname>
StringHost name
argv [13]
IP address of
remote host from
which login was
initiated
<A.B.C.D> (IPv4)
or
<::ffff:A.B.C.D>
(IPv6 address)
NOTE: Although
HIDS is not
supported on
IPv6–only enabled
systems, the failed
login templates can
recongnize and
display the
following types of
addresses in the
alerts:
• IPv4 address
• IPv4
address-mapped-IPv6
address
• IPv6 address
StringHost IP address
argv [14]
Table B-5 lists the additional arguments that are set for system templates while
generating su alerts.
198 Automated Response for Alerts