HP-UX Host Intrusion Detection System Version 4.1 Administrator's Guide
Generating Alert Reports Using the idsadmin Command...............................................227
The idsadmin Command Reporting Options..............................................................228
Using the idsadmin Command to Generate Reports..................................................231
Benefits of Generating Reports in raw Format......................................................236
D The Agent Configuration File...................................................................................................239
The Agent Configuration File...........................................................................................239
Forcing Active Agent to Reread Configuration File...................................................239
Log File Rotation.........................................................................................................240
Global Configuration........................................................................................................240
Correlator Process Configuration.....................................................................................241
Data Source Process Configuration..................................................................................242
Kernel Audit Data DSP................................................................................................243
Remote Communication Configuration...........................................................................245
E The Surveillance Schedule Text File...........................................................................................247
Getting Started..................................................................................................................247
Automating the Activation of Surveillance Schedules.....................................................247
Surveillance Schedule Text File.........................................................................................248
Surveillance Schedule Section...........................................................................................248
Surveillance Group Section...............................................................................................250
Group Files........................................................................................................................252
Template Property Syntax................................................................................................253
F Error Messages.......................................................................................................................255
Agent Messages................................................................................................................255
System Manager Messages...............................................................................................261
G Troubleshooting.....................................................................................................................267
Troubleshooting................................................................................................................268
Agent and System Manager cannot communicate with each other...........................268
Agent complains that idds has not been enabled, yet lsdev shows /dev/idds is present.........................................................................................................269
Agent does not start on system boot...........................................................................269
Agent halts abnormally, leaving ids_* files and message queues...............................270
Agent host appears to hang and/or you see message disk full...................................270
Agent needs further troubleshooting..........................................................................271
Agent does not start after installation.........................................................................271
Agents appear to be stuck in polling status................................................................271
Aggregated alerts targets or details field are truncated and the same aggregated alert has several entries logged in the IDS_ALERTFILE.....................................271
Alert date/time sort seems inconsistent......................................................................272
Table of Contents 9