HP-UX Host Intrusion Detection System Version 4.1 Administrator's Guide
Example C-11 To generate a report for all agents listed in the sentinal.hosts file
starting from January 01 2007, displaying only the specified fields. The report is in raw
format and emailed to the specified email address.
/opt/ids/bin/idsadmin -r -a all --start-date 20070101 --report-format raw --email-to admin@xyz.com --alert-fields localdate,attacker,target,action,uid
Figure C-4 is a screenshot of the generated report in raw format with alert fields
separated by the default delimiter pipe (|) character:
Figure C-4 Screenshot of the Generated Report in .raw Format
Benefits of Generating Reports in raw Format
Generating reports in raw format can be useful in the following scenarios:
• To automate some administrative change management tasks. For example, a script that compares the list of files expected to change with the files that were actually modified can read its input from a report in raw format.
• To easily parse alerts for further manipulation, such as automating the entry of
alerts in a database to perform more complex database queries and to leverage the
reporting features of a database application.
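The following script is an added example and is not part of the HP-UX HIDS guide or the product; it shows both scenarios above on a raw-format report. It assumes that the report carries one alert per line with no header line, that the fields appear in the order given to --alert-fields (localdate, attacker, target, action, uid), and that the default pipe delimiter is in use. The report lines, the action value "modified" and the approved change list are constructed sample data, not real idsadmin output.

```python
"""Parse an idsadmin raw-format (pipe-delimited) alert report and use it for two
administrative tasks: checking modified files against an approved change list,
and loading the alerts into a database for ad-hoc queries.

Added example, not code from the HP-UX HIDS guide. Assumptions: one alert per
line, no header line, field order equal to the --alert-fields list, default "|"
delimiter. All sample values below are constructed.
"""
import csv
import io
import sqlite3

# Field order requested on the idsadmin command line (assumed to match the output).
ALERT_FIELDS = ["localdate", "attacker", "target", "action", "uid"]
DEFAULT_DELIMITER = "|"

# Constructed sample report: not real idsadmin output.
SAMPLE_REPORT = """\
20070105 10:12:33|root|/etc/passwd|modified|0
20070105 10:15:02|joe|/home/joe/.profile|modified|501
20070106 08:00:10|root|/etc/hosts|modified|0
20070106 08:02:44|root|/etc/shadow|modified|0
"""

# Constructed approved change list (what change management expected to be touched).
APPROVED_CHANGES = ["/etc/passwd", "/etc/hosts"]


def parse_raw_report(text, fields=ALERT_FIELDS, delimiter=DEFAULT_DELIMITER):
    """Return (alerts, bad_lines): alerts is a list of dicts, one per report line.

    Blank lines are skipped. A line whose field count does not match the
    requested field list is collected in bad_lines instead of being silently
    truncated, because a stray delimiter inside a field would shift every
    later column and make the comparison below meaningless.
    """
    alerts, bad_lines = [], []
    reader = csv.reader(io.StringIO(text), delimiter=delimiter)
    for lineno, row in enumerate(reader, start=1):
        if not row:
            continue
        if len(row) != len(fields):
            bad_lines.append((lineno, row))
            continue
        alerts.append(dict(zip(fields, row)))
    return alerts, bad_lines


def unexpected_modifications(alerts, expected_paths):
    """Targets reported as modified that are not on the approved change list."""
    expected = set(expected_paths)
    return sorted({a["target"] for a in alerts
                   if a["action"] == "modified" and a["target"] not in expected})


def load_into_db(alerts, fields=ALERT_FIELDS):
    """Insert the parsed alerts into an in-memory SQLite table; return the connection."""
    conn = sqlite3.connect(":memory:")
    columns = ", ".join(f"{name} TEXT" for name in fields)   # names come from our constant
    conn.execute(f"CREATE TABLE alerts ({columns})")
    placeholders = ", ".join("?" for _ in fields)
    conn.executemany(f"INSERT INTO alerts VALUES ({placeholders})",
                     [tuple(a[name] for name in fields) for a in alerts])
    conn.commit()
    return conn


def alerts_per_attacker(conn):
    """Example query: alert count per attacker, busiest first."""
    return conn.execute(
        "SELECT attacker, COUNT(*) FROM alerts GROUP BY attacker ORDER BY 2 DESC, 1"
    ).fetchall()


if __name__ == "__main__":
    parsed, bad = parse_raw_report(SAMPLE_REPORT)
    for lineno, row in bad:
        print(f"line {lineno}: unexpected field count {len(row)}: {row}")
    print("unexpected modifications:", unexpected_modifications(parsed, APPROVED_CHANGES))
    db = load_into_db(parsed)
    print("alerts per attacker:", alerts_per_attacker(db))
```

In practice the report text would be read from the file idsadmin wrote (or from the mailed copy) instead of the embedded sample, and the approved change list would come from the change management system; the parser deliberately refuses malformed lines rather than guessing, so a report whose delimiter was changed from the default shows up as a pile of rejected lines instead of wrong answers.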
236 Tuning Schedules and Generating Alert Reports