HP-UX Host Intrusion Detection System Version 4.1 Administrator's Guide

TIP: To avoid reloading deleted alerts, retain only the most recent alert message.
The error log files are not resynchronized.
If the Automatic Startup Status Poll field is disabled, you must poll the status of the
agent hosts before you can resynchronize them. See “Getting the Status of Agent Hosts”
(page 62).
If Automatic Startup Alert Resynchronization is disabled, use the following procedure
to synchronize the alerts.
1. On the System Manager screen, in the Monitored Hosts list, select the hosts you
want to resynchronize. The status of these hosts must be Available, Scheduled,
or Running.
2. Select one of the following options to resynchronize:
   • Click the Resync button.
   • Choose the Actions > Resync menu item.
   • Press Shift+F6.
   • Right-click in the Monitored Hosts area and select Resync from the menu.
Any alerts in each agent’s log file that are newer than the last one seen by the
System Manager are transferred to the System Manager's log files. The numbers
are updated on the Monitored Hosts list and the alerts and errors are displayed
on the Network Node screen for each host. The updates continue as alerts and
errors are generated and the System Manager runs.
Activating Schedules on Agent Hosts
To provide intrusion detection, you must activate surveillance schedules on the agent
hosts. You also use this procedure to replace a schedule on one or more hosts.
To activate a surveillance schedule on agent hosts, follow these steps:
1. On the System Manager screen, in the Monitored Hosts list, select the hosts to be
activated. Their Status fields must show Available, Scheduled, or Running.
2. In the Schedules list, select the surveillance schedule you want to activate.
3. Select one of the following options to activate the schedule:
   • Click the Activate button.
   • Choose the Actions > Activate Schedule menu item.
   • Press Shift+F8.
   • Right-click (in the Monitored Hosts area) and select Activate Schedule from
     the menu.
4. If any of the agent hosts is already running a schedule, the Confirm Schedule
Activation dialog box appears. Click Yes to override the existing surveillance
schedule, or No to cancel.
64 Using the System Manager Screen