Manualshelf

HP-UX Host Intrusion Detection System Version 4.2 Release Notes

ManualsBrandsHP ManualsSoftwareHP-UX Host Intrusion Detection System Software
11121314151617181920
displays an error dialog stating that it was unable to parse the schedule and the schedule will
not appear in the System Manager and Schedule Manager windows.
The following scenarios illustrate instances where the GUI Schedule Manager allows
administrators to make and save invalid modifications to pathname_X/program_X filter template
properties:
Example 1-1 Invalid Modification - Scenario 1
In this example, the GUI Schedule Manager allows the administrator to enter an unequal number
of pathnames_X and programs_X pathname groups:
pathnames_1 | file1 & file 2 | file3 | file4
programs_1 | prog1 | prog2
However, the administrator will not be able to activate the schedule as there is no corresponding
program for file4.
Example 1-2 Invalid Modification - Scenario 2
In this example, the GUI Schedule Manager allows the administrator to enter an empty pathname
or program when editing a pathnames_X or a programs_X template property:
pathnames_1 | file1 | | file2
programs_1 | prog1 | prog2
As there is no valid pathname value between the two pipe delimiters , the GUI Schedule Manager
fails to parse the schedule when the administrator tries to activate it.
Diagnosing the Problem
Run the idsadmin --activate <schedule name> command to print useful diagnostic
information, including the line number of the schedule file entry that caused a parsing error.
The idsadmin command provides detailed error messages that can help administrators diagnose
and resolve the problem.
IMPORTANT: The GUI System Manager must be closed before directly editing a Surveillance
Schedule or Group in a text editor. Otherwise, changes made using an editor will be overwritten
by the GUI System Manager when it exits.
TIP: HP recommends that administrators backup copies of Surveillance Schedules and Groups
files periodically in case they need to be restored.
Incorrectly Formatted raw Reports Sent as an Email
Reports in raw format that are generated in /var/opt/ids/reports are formatted correctly.
However, if the raw report is sent to an email address using the --email-to option, then the
report may not be formatted correctly. For example, long entries in a raw report can be broken
up across multiple lines, and reports generated when specifying the : character as a delimiter
(using the --report-delimiter option) may not include the first few entries.
Special Characters not Supported When Specifying Filters Using the tune Command
The pound (#) and pipe (|) characters are currently not supported for specifying filters when
using the tune command. Use of these characters can cause parsing errors.
12 Announcement