Manualshelf

HP-UX Host Intrusion Detection System Version 4.1 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX Host Intrusion Detection System Software
61626364656667686970
To get the status of agent hosts, follow these steps:
1. On the System Manager screen, in the Monitored Hosts list, select the hosts status
you want to update.
2. Select one of the following options:
Click the Status button.
Choose the Actions > Status Poll menu item.
Press Shift+F7.
Right-click in the Monitored Hosts area and select Status Poll from the menu.
The System Manager begins polling the selected hosts and returns an updated
value in the Status field. These values are described in Table 4-2 (page 60).
If No Agent Available is shown for a host, the agent may not be not running,
or is still initializing. Recheck the status later. If the agent status does not change,
then the following problems may exist:
The agent may not be running on the host. For more information, see “Starting
HP-UX HIDS Agents” (page 61).
The agent host may be down.
The administration and agent host certificates may not be properly configured.
For more information, see “Setting Up HP-UX HIDS Secure Communications”
(page 34).
The network may be congested.
The network link to the host may be unavailable.
See also Appendix F (page 255).
Resynchronizing Agent Hosts
The HP-UX HIDS agent program can continue to detect alerts when the HP-UX HIDS
System Manager is not running. During this period, as each agent detects intrusions,
it records them in a log file on the agent host. When you restart the HP-UX HIDS System
Manager, the following events occur:
1. The System Manager locates its own log files for each agent host in the Monitored
Host list.
2. If the Automatic Startup Status Poll field is enabled, the monitored hosts are polled
for their status. If the status is either Scheduled or Running, the hosts subsequent
alerts and errors are added to the System Manager log files. For more information,
see “General Preferences” (page 127),
3. If Automatic Startup Alert Resynchronization is enabled, all the alerts in the agent’s
log file that are not updated in the System Manager alert log file are transferred
to the System Manager. If the alert log file for a particular agent is empty, then all
alerts are transferred to the System Manager. For more information, see “General
Preferences” (page 127).
Resynchronizing Agent Hosts 63