HP-UX Host Intrusion Detection System Version 4.2 Administration Guide
Step 3: Updating and Deploying the Schedule........................................................................184
Generating Alert Reports Using the idsadmin Command.................................................................184
The idsadmin Command Reporting Options................................................................................185
Using the idsadmin Command to Generate Reports..................................................................187
Benefits of Generating Reports in raw Format.........................................................................190
D The Agent Configuration File...................................................................................191
The Agent Configuration File.............................................................................................................191
Forcing Active Agent to Reread Configuration File......................................................................191
Log File Rotation............................................................................................................................191
Global Configuration..........................................................................................................................192
Correlator Process Configuration.......................................................................................................193
Data Source Process Configuration....................................................................................................194
Kernel Audit Data DSP..................................................................................................................194
Remote Communication Configuration.............................................................................................195
E The Surveillance Schedule Text File.........................................................................197
Getting Started....................................................................................................................................197
Automating the Activation of Surveillance Schedules.......................................................................197
Surveillance Schedule Text File...........................................................................................................198
Surveillance Schedule Section.............................................................................................................198
Surveillance Group Section.................................................................................................................200
F Error Messages...........................................................................................................203
Agent Messages...................................................................................................................................203
System Manager Messages.................................................................................................................207
G Troubleshooting.........................................................................................................211
Troubleshooting..................................................................................................................................211
Agent and System Manager cannot communicate with each other..............................................212
Agent complains that idds has not been enabled, yet lsdev shows /dev/idds is present.....212
Agent does not start on system boot.............................................................................................212
Agent halts abnormally, leaving ids_* files and message queues..............................................214
Agent host appears to hang and/or you see message disk full...............................................214
Agent needs further troubleshooting............................................................................................214
Agent does not start after installation...........................................................................................214
Agents appear to be stuck in polling status..................................................................................215
Aggregated alerts targets or details field are truncated and the same aggregated alert has several entries logged in the IDS_ALERTFILE.........................................................................................215
Alert date/time sort seems inconsistent.........................................................................................215
Alerts are not being displayed in the alert browser......................................................................215
Buffer overflow triggers false positives.........................................................................................216
Duplicate alerts appear in System Manager..................................................................................216
Getting several aggregated alerts for the same process................................................................216
GUI runs out of memory after receiving around 19,000 alerts......................................................216
The idsadmin Command needs installed agent certificates.......................................................216
The idsadmin Command notifies of bad certificate when pinging a remote agent...................217
IDS_checkInstall fails with a kmtune error...........................................................................217
IDS_genAdminKeys or IDS_genAgentCerts does not complete successfully.......................217
IDS_genAdminKeys or idsgui quits early...................................................................................217
Large files in /var/opt/ids.......................................................................................................218
Log files are filling up....................................................................................................................218
8 Table of Contents