HP-UX Host Intrusion Detection System Version 4.1 Administrator's Guide

$ su - ids

2. Send the hangup signal to the agent process ID:

$ kill -HUP $(cat /var/opt/ids/idsagent.pid)

The idsagent process rereads the configuration file and reactivates the current

surveillance schedule, if any.

Log File Rotation

Both the IDS_ERRORFILE file and the IDS_ALERTFILE file, described in “Global

Configuration” (page 240), are designed to support log rotation. If the file names are

changed on the system while the HP-UX HIDS agent software is running, the agent

software will recreate the files as defined in Table D-1 and continue to log to the newly

created files. Log rotation permits periodic archiving of alerts or errors.

To rotate a log file, use the mv command. For example:

% mv /var/opt/ids/alert.log /home/ids/alert.log_Jan_06

Global Configuration

The Global section is bracketed by the [global]...[END] keywords. Only the

parameters in Table D-1 may be edited.

CAUTION: Do not edit any other variables between [global] and its [END] tag.

Table D-1 Global Configuration Variables

Default ValueName

/var/opt/ids/alert.logIDS_ALERTFILE

/var/opt/ids/error.logIDS_ERRORFILE

IDS_LISTEN_IFACE

/opt/ids/rt_responseIDS_RT_RESPONSE_DIR

/opt/ids/responseIDS_RESPONSE_DIR

They are defined as follows:

IDS_ALERTFILE

The full path name to the alert log file for this HP-UX

HIDS agent process. Any alerts resulting from intrusive

activity detected by the agent software will be logged to

this file.

IDS_ERRORFILE

The full path name to the error log file for this HP-UX

HIDS agent process. Any errors generated in the

operation of the agent software will be logged to this

file.

240 The Agent Configuration File