HP-UX Host Intrusion Detection System Version 4.1 Administrator's Guide

Example B-3 Storing Alerts in Log Files
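#!/usr/bin/sh
#
# Sample HP-UX HIDS alert response script
#
# Send a message to syslog containing the alert
# If there is a severity 1 alert then log the alert to syslog
# As used below, $3 carries the alert severity and $8 the alert text.
# Both are quoted so that empty values or alert text containing spaces
# or shell wildcard characters are compared and logged literally.
if [ "$3" = 1 ]
then
    /usr/bin/logger -t "HP-UX HIDS" "$8"
fi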
NOTE: Administrators can also use the following HP-supported options:
• Consolidate alerts to a central log using syslog-ng with clog_tail.
• Generate alert reports using the idsadmin --report feature. For more information on the idsadmin --report feature, see “Generating Alert Reports Using the idsadmin Command” (page 227).