HP-UX Host Intrusion Detection System Version 4.2 Administration Guide
1. On the System Manager screen, in the Monitored Hosts list, select the hosts whose status you want
to update.
2. Select one of the following options:
• Click the Status button.
• Choose the Actions > Status Poll menu item.
• Press Shift+F7.
• Right-click in the Monitored Hosts area and select Status Poll from the menu.
The System Manager begins polling the selected hosts and returns an updated value in the
Status field. These values are described in Table 4-2 (page 50).
If No Agent Available is shown for a host, the agent may not be running, or may still be
initializing. Recheck the status later. If the agent status does not change, then the following
problems may exist:
• The agent may not be running on the host. For more information, see “Starting HP-UX
HIDS Agents” (page 51).
• The agent host may be down.
• The administration and agent host certificates may not be properly configured. For
more information, see “Setting Up HP-UX HIDS Secure Communications” (page 29).
• The network may be congested.
• The network link to the host may be unavailable.
See also Appendix F (page 203).
Resynchronizing Agent Hosts
The HP-UX HIDS agent program can continue to detect alerts when the HP-UX HIDS System
Manager is not running. During this period, as each agent detects intrusions, it records them in
a log file on the agent host. When you restart the HP-UX HIDS System Manager, the following
events occur:
1. The System Manager locates its own log files for each agent host in the Monitored Host list.
2. If the Automatic Startup Status Poll field is enabled, the monitored hosts are polled for their
status. If the status is either Scheduled or Running, the hosts' subsequent alerts and errors
are added to the System Manager log files. For more information, see “General Preferences”
(page 105).
3. If Automatic Startup Alert Resynchronization is enabled, all the alerts in the agent’s log file
that are not updated in the System Manager alert log file are transferred to the System
Manager. If the alert log file for a particular agent is empty, then all alerts are transferred to
the System Manager. For more information, see “General Preferences” (page 105).
TIP: To avoid reloading deleted alerts, retain only the most recent alert message.
The error log files are not resynchronized.
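The following added example (not HP-UX HIDS code and not from this guide) models the alert resynchronization rule and the TIP above. It assumes that alerts carry an increasing sequence number and that the System Manager uses the newest alert it still holds as the synchronization point; the log contents, field layout, and function names are constructed for illustration.

```python
# Added illustration of startup alert resynchronization; not HP-UX HIDS code.
# Assumptions: alerts carry an increasing sequence number, and the System
# Manager uses the newest alert it still holds as the synchronization point.

# Constructed sample data: five alerts recorded in the agent's log file.
AGENT_LOG = [
    (1, "constructed alert: repeated failed logins"),
    (2, "constructed alert: setuid file created"),
    (3, "constructed alert: system file modified"),
    (4, "constructed alert: recorded while manager was down"),
    (5, "constructed alert: recorded while manager was down"),
]


def resynchronize(agent_log, manager_log):
    """Return the manager's alert log after resynchronizing with one agent."""
    if not manager_log:
        # Empty manager log: all alerts in the agent log are transferred,
        # including any the operator had already reviewed and deleted.
        return list(agent_log)
    newest = max(seq for seq, _ in manager_log)
    # Only alerts newer than the newest retained alert are transferred.
    return list(manager_log) + [a for a in agent_log if a[0] > newest]


def scenario_delete_all():
    """Operator deleted alerts 1-3, leaving the manager log empty."""
    return resynchronize(AGENT_LOG, [])


def scenario_keep_latest():
    """Operator deleted alerts 1-2 but retained the most recent alert (3)."""
    return resynchronize(AGENT_LOG, [AGENT_LOG[2]])


if __name__ == "__main__":
    print("deleted all :", [seq for seq, _ in scenario_delete_all()])
    print("kept latest :", [seq for seq, _ in scenario_keep_latest()])
```

In the first scenario the deleted alerts 1 and 2 reappear after restart; in the second only the alerts recorded while the System Manager was down are added.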
If the Automatic Startup Status Poll field is disabled, you must poll the status of the agent hosts
before you can resynchronize them. See “Getting the Status of Agent Hosts” (page 51).
If Automatic Startup Alert Resynchronization is disabled, use the following procedure to
synchronize the alerts.
1. On the System Manager screen, in the Monitored Hosts list, select the hosts you want to
resynchronize. The status of these hosts must be Available, Scheduled, or Running.
52 Using the System Manager Screen