HP-UX Host Intrusion Detection System Version 4.2 Administration Guide

ManualsBrandsHP ManualsSoftwareHP-UX Host Intrusion Detection System Software

211

212

213

214

215

216

217

218

219

220

G Troubleshooting

This appendix describes various steps you can take in resolving problems on the agent and

administrative systems. This appendix addresses the following topics:

• “Agent and System Manager cannot communicate with each other” (page 212)

• “Agent complains that idds has not been enabled, yet lsdev shows /dev/idds is present”

(page 212)

• “Agent does not start on system boot” (page 212)

• “Agent halts abnormally, leaving ids_* files and message queues” (page 214)

• “Agent host appears to hang and/or you see message disk full” (page 214)

• “Agent needs further troubleshooting” (page 214)

• “Agent does not start after installation” (page 214)

• “Agents appear to be stuck in polling status” (page 215)

• “Aggregated alerts targets or details field are truncated and the same aggregated alert has

several entries logged in the IDS_ALERTFILE” (page 215)

• “Alert date/time sort seems inconsistent” (page 215)

• “Alerts are not being displayed in the alert browser” (page 215)

• “Buffer overflow triggers false positives” (page 216)

• “Duplicate alerts appear in System Manager” (page 216)

• “Getting several aggregated alerts for the same process” (page 216)

• “GUI runs out of memory after receiving around 19,000 alerts” (page 216)

• “The idsadmin Command needs installed agent certificates” (page 216)

• “The idsadmin Command notifies of bad certificate when pinging a remote agent” (page 217)

• “IDS_checkInstall fails with a kmtune error” (page 217)

• “IDS_genAdminKeys or IDS_genAgentCerts does not complete successfully” (page 217)

• “IDS_genAdminKeys or idsgui quits early” (page 217)

• “Large files in /var/opt/ids” (page 218)

• “Log files are filling up” (page 218)

• “No Agent Available” (page 218)

• “Normal operation of an application generates heavy volume of alerts” (page 218)

• “Reflection X rlogin produces multiple login and logout alerts” (page 219)

• “Schedule Manager timetable screen appears to hang” (page 219)

• “SSH does not perform a clean exit after idsagent is started” (page 219)

• “System Manager appears to hang” (page 219)

• “System Manager does not let you save files to specific directories” (page 219)

• “System Manager does not start after idsgui is started” (page 219)

• “System Manager starts with no borders or title bar in X client programs on Windows”

(page 220)

• “System Manager times out on agent functions such as Activate and Status Poll” (page 220)

• “UNKNOWN program and arguments in certain alert messages” (page 220)

• “Using HP-UX HIDS with IPFilter and SecureShell” (page 220)

• “Unable to Generate Administrator Keys and Agent Certificates on PA–RISC 1.1 Systems”

(page 222)

Troubleshooting

This section describes a variety of potential problems and their solutions. To stay current with

product updates and patches, be sure to monitor the HP security software news and events web

site at www.hp.com/security.

Troubleshooting 211