HP-UX Host Intrusion Detection System Version 4.4 Administrator Guide (5900-1634, April 2011)
Table 36 Failed Login Attempts Alert Properties (continued)
DescriptionAlert Value/FormatAlert Field
Type
Alert FieldResponse Program
Argument
UTC time in number of
seconds since the epoch
when
<max_failed_login>
number of failed logins were
detected for a particular
target login account
<secs>IntegerUTC Timeargv[4]
Name or IP address of the
host from which the user
logged in or out.
<fully qualified host name>
<IP Address>
StringAttackerargv[5]
Name of the user who
logged in or out.
<username>StringTargetargv[6]
Alert summaryFailed login attemptsStringSummaryargv[7]
Detailed alert descriptionMore than <max_failed_login>
failed logins by user <username>
(REMOTE: <fully qualified host
name> <IP address>)
StringDetailsargv[8]
The event that triggered the
alert.
Failed loginStringEventargv[9]
Indicates a failed login alert
versus a failed su alert
1IntegerFlagargv[10]
Target login name that a
user was attempting to log
in as
<username>StringUserargv[11]
Name of pty device
associated with failed login
attempt
<pty device name>StringDeviceargv[12]
Name of remote host from
which login was attempted
<remote hostname>StringHostnameargv[13]
IP address of remote host
from which login was
attempted
<A.B.C.D> for IPv4 addresses
A:B:C:D:... for IPv6 addresses
StringIP Addressargv[14]
Repeated Failed Logins Template 145