HP-UX Host Intrusion Detection System Version 4.1 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX Host Intrusion Detection System Software

221

222

223

224

225

226

227

228

229

230

Table C-2 Reporting Options Supported by idsadmin (continued)

DescriptionOption

Used with the --email-to reporting options. Subject line of

an email message containing a report. Text must be enclosed

in double quotes if it contains white spaces. This option can

be specified only from the command line and not from the

interactive menu prompt.

--email-subject TEXT

Specifies that only alerts generated on or before the specified

date are reported. The date/time is interpreted as local time

on the host on which idsadmin is run, not as the local time

on agent host(s). The default is the current time. If YYYYMMDD

is specified but not HHMMSS, then HHMMSS defaults to 235959

(11:59:59 PM).

--end-date YYYYMMDD[HHMMSS]

Used with the --report-format (with raw option) reporting

option. Specifies the delimiter character when printing alert

reports in raw format. The default is the pipe (|) character.

--report-delimiter CHAR

Specifies the format of the generated report. The default is

html.

--report-format html | txt |

raw

Specifies a file PATHNAME to override the default location

where an alert report is stored or to specify that the alert report

must be printed to stdout in addition to being stored in the

default location. If PATHNAME is set to /dev/null, then the

--email-to option must be specified and the alert report

will not be stored persistently in a file. By default, alert reports

are stored in

/var/opt/ids/reports/HIDS_Report_date.[text|html|raw].

--report-output stdout |

PATHNAME

Convert and display all UTC timestamps in UTC or local

date/time string, where the local date/time is the local time on

the admin host that is not necessarily the same as the local

time on the agent host(s). This option does not apply to the

date/time string value generated by an agent and that

represents the local time on the agent host. The default is utc.

--report-time utc | local

If set to multihost, generate a consolidated alert listing across

all specified agent hosts. If set to perhost, generate an

individual alert listing per agent host. If multihost is

specified and the report only contains an alert listing for one

agent, an individual report is generated instead. The default

value is multihost.

--report-type multihost |

perhost

230 Tuning Schedules and Generating Alert Reports