HP-UX Host Intrusion Detection System Version 4.1 Administrator's Guide

IDS_LISTEN_IFACE
The IP address or host name associated with the agent
system’s network interface card.
On a system with only one IP address, this parameter
does not need to be specified.
On a multihomed system (a system with more than one
network interface card) this parameter is required. See
“Configuring a Multihomed Agent System” (page 42)
for configuration information.
IDS_RT_RESPONSE_DIR
The full path name to the automated response directory,
containing executable binary or script programs that are
executed on the agent node. These programs are
executed when a real-time alert is generated and when
both the Alert Aggregation and the Real Time Alerts
options are enabled. The programs can take any actions
that you deem appropriate. For information on writing
response scripts, see Appendix B (page 191). For more
information about how real-time alerts can be generated
when alert aggregation is enabled, see “Configuring
Alert Aggregation” (page 88).
IDS_RESPONSE_DIR
The full path name to the automated response directory
containing executable binary or script programs that are
executed on the agent node. These programs are
executed either when alert aggregation is disabled and
any alert is generated or when alert aggregation is
enabled and an aggregated alert or an alert that is not
or cannot be aggregated is generated. The programs can
take any actions that you deem appropriate. For
information on writing response scripts, see Appendix B
(page 191).
For more information about different types of alerts that can be generated when alert
aggregation is enabled, see “Configuring Alert Aggregation” (page 88).
Correlator Process Configuration
The correlator section is bracketed by the [Correlator] ... [END] keywords. Only the
parameters in Table E-2 may be edited.
Table D-2 Correlator Configuration Variables
Name           Default Value
CMDLINEARGS    “”
AGGREGATION    “not set”