HP-UX Host Intrusion Detection System Version 4.1 Administrator's Guide
# suppression 0
• Generate Suppression Report
Select the Generate Suppression Report checkbox if you want to receive an alert
that contains a summary of all the suppressed duplicate alerts for any given alert.
When this checkbox is selected, an alert summarizing all the duplicate alerts for
any given alert is sent to the alert.log file, the GUI, and the Response programs
(located in the rt_response directory).
NOTE: You receive an alert summarizing all the duplicate alerts only if at least
one of the criteria specified in the Suppression Count or Suppression Interval
property is met.
If Duplicate Alert Suppression is selected, but Generate Suppression Report is not,
no reports summarizing duplicate alerts are generated. If you do not want to
receive summary alerts, deselect this checkbox. By default, this property is enabled.
You can also set this property by editing the ids.cf file. Comment out the
following entry in the ids.cf file and set it to 1 (enabled) or 0 (disabled):
# suppression_report 0
• Suppression Count
Use this property to suppress a specified number of duplicate alerts before the
alert is issued again. To configure the Suppression Count, set the Suppression
Count property in the Duplicate Alert Suppression tab. The default value of this
property is 100. This means that HIDS suppresses the next 100 duplicate alerts (for
any given alert) within the specified Suppression Interval.
• Suppression Interval
Use this property to suppress duplicate alerts (for any given alert) until the specified
time in the Suppression Interval property has elapsed or the number of duplicate
alerts is equal to or greater than the Suppression Count property value. The default
value of this property is 6 hours. This means that HIDS will suppress duplicate
alerts for any given alert over a 6-hour period, unless the number of duplicate
alerts for that alert exceeds the value of the Suppression Count property.
NOTE: The Suppression Interval property supports the specification of time
units in seconds, minutes, hours, and days. For more information, see “Type VI:
Time Strings” (page 145).
• Suppression Targets to Ignore
Use this property to specify the pathnames of targeted files and directories for
which duplicate alerts must not be suppressed. By default, duplicate alerts for the
following target pathnames are not suppressed:
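Added example (not part of the HP guide and not HIDS code): a small Python model of how the Suppression Count, Suppression Interval, Generate Suppression Report, and Suppression Targets to Ignore properties described above interact, useful for estimating how many alerts and summaries reach alert.log for a given alert rate. Assumptions: duplicates are identified by a caller-supplied key, the summary is emitted when the next duplicate arrives after a criterion is met, and the pathnames and alert key in the sample data are constructed.

```python
from dataclasses import dataclass, field

@dataclass
class Suppressor:
    count: int = 100             # Suppression Count (page default)
    interval: int = 6 * 3600     # Suppression Interval in seconds (page default: 6 hours)
    report: bool = True          # Generate Suppression Report (enabled by default)
    ignore: tuple = ()           # Suppression Targets to Ignore (files or directories)
    windows: dict = field(default_factory=dict)   # alert key -> [window start, suppressed]

    def ignored(self, target):
        # Assumption: a directory entry also covers the pathnames beneath it.
        return any(target == p or target.startswith(p.rstrip("/") + "/") for p in self.ignore)

    def feed(self, key, target, ts):
        """Return the events emitted for one incoming alert at time ts (seconds)."""
        if self.ignored(target):
            return [("alert", key)]
        win = self.windows.get(key)
        if win is None:                       # first occurrence is always issued
            self.windows[key] = [ts, 0]
            return [("alert", key)]
        start, suppressed = win
        if suppressed < self.count and ts - start < self.interval:
            win[1] += 1                       # duplicate inside the window: suppress
            return []
        events = []
        if self.report and suppressed:        # summary only once a criterion is met
            events.append(("summary", key, suppressed))
        self.windows[key] = [ts, 0]           # the alert is issued again, new window
        return events + [("alert", key)]

def replay(alerts, **settings):
    """alerts: iterable of (key, target, ts). Returns every emitted event in order."""
    s = Suppressor(**settings)
    return [e for a in alerts for e in s.feed(*a)]

# Constructed sample data (not from the guide): the same alert every 60 s for 8 hours,
# and the same alert once an hour for 13 hours.
BURST = [("mod-file", "/tmp/x", i * 60) for i in range(480)]
SLOW = [("mod-file", "/tmp/x", i * 3600) for i in range(13)]

if __name__ == "__main__":
    for name, data in (("burst", BURST), ("slow", SLOW)):
        ev = replay(data)
        print(name, len(data), "in ->", [e for e in ev if e[0] == "summary"])
```

With the defaults, the burst is bounded by the count and the slow stream by the interval; the trailing suppressed duplicates of a still-open window produce no summary, which matches the NOTE under Generate Suppression Report.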