Manualshelf

HP-UX Host Intrusion Detection System Version 4.2 Administration Guide

ManualsBrandsHP ManualsSoftwareHP-UX Host Intrusion Detection System Software
919293949596979899100
7 Using the Network Node Screen
This chapter describes the Network Node screen, which displays alerts and errors for a specified
agent host. It addresses the following topics:
“Network Node Screen” (page 95)
Alerts Tab” (page 96)
“Errors Tab (page 97)
“General Operations” (page 97)
Network Node Screen
The Network Node screen contains lists of alerts and errors that have been detected by the related
agent. Click the Alerts or Errors tab to view the lists and details.
Alerts are recorded on the agent host system in the /var/opt/ids/alert.log file. Errors are
recorded on the agent host system in the /var/opt/ids/error.log file.
When the System Manager is running and the agent is active, copies of the alert records are sent
to the administration system and added to a file named
/var/opt/ids/gui/logs/hostname_alert.log, where hostname is the name of the agent
host as displayed on the Host Manager screen. Error records are copied to
/var/opt/ids/gui/logs/hostname_error.log.
When the System Manager is not running, alerts and errors are not transmitted but are still stored
locally in the host.
When the Network Node screen is selected for an active agent host, it displays all the alert and
error messages that are in the standard System Manager log files for the agent. If the agent host
is resynchronized from the System Manager screen, the Network Node screen also displays all
the previous alerts and errors that were received from the agent. For more information, see
“Resynchronizing Agent Hosts” (page 52).
You can also view previous alerts and errors by opening the log file set directly. For more
information, see “Opening a Log File Set” (page 102).
By default, only the most important error messages are logged by the agent and sent to the System
Manager. You can create more detailed error logs if needed.
Opening a Network Node Screen
To display the Network Node screen for an agent host, follow these steps:
On the System Manager screen, perform one of the following steps:
Select a host in the Monitored Nodes list and choose the View > Network Node menu
item.
Select a host in the Monitored Nodes list and press Ctrl+B.
Double-left-click an entry in the Monitored Nodes list.
The Network Node screen is displayed with the selected host name in the title bar. See
Figure 7-1 (page 96) and Figure 7-2 (page 97).
Closing a Network Node Screen
To close a Network Node screen, follow these steps:
On the Network Node screen, perform one of the following steps:
Choose the File > Close menu item.
Press Ctrl+C.
If you made unsaved changes to an open file set, they are saved automatically.
Network Node Screen 95