HP-UX Host Intrusion Detection System Version 4.1 Administrator's Guide
• Generate reports for one or more agents
• View alert statistics by agent, severity, alert type, and detection template
• Generate a consolidated report across multiple agents
• Generate incremental reports (i.e., report alerts that were generated after the last
generated report)
• Select alert fields to be displayed in the report
• Sort alerts by severity, alert type, or date
• Initiate reports from the command line, from an interactive menu, or from a cron
job
• Email the reports to any number of recipients
• Generate reports in .html, .txt, and .raw formats
The idsadmin Command Reporting Options
To generate alert reports, invoke the idsadmin command as follows:
idsadmin [-v[vvv]] --report [OPTIONS]
Table C-2 describes the various reporting options that you can use with the idsadmin
-r (--report) option.
Table C-2 Reporting Options Supported by idsadmin
Option: -a, --agent-hosts HOST1, HOST2... | managed | all
Description: Comma-separated list of host names or IP addresses. Specify
all to include all agent hosts listed in sentinal.hosts,
even those not currently monitored by the HIDS GUI. Specify
managed to include only agent hosts that are marked as
managed by the HIDS GUI. When used with the report
option, the default is managed.

Option: --alert-events event_1, event_2...
Description: Specifies that only alerts triggered by the specified events are
reported, where:
• create – report alerts triggered by a creation event
• delete – report alerts triggered by a deletion event
• modify – report alerts triggered by a modification or
potential modification event
• login – report alerts triggered by successful logins
• flogin – report alerts triggered by failed logins
• su – report alerts triggered by successful su attempts
• fsu – report alerts triggered by failed su attempts
• logout – report alerts triggered by logouts
• all – report all alerts regardless of the event that triggered
the alert
The default value is all.
228 Tuning Schedules and Generating Alert Reports