HP-UX Host Intrusion Detection System Version 4.4 Administrator Guide (5900-1634, April 2011)
NOTE: For more information about regular expressions, see “UNIX Regular Expressions” (page 106).
Alerts generated by this template
Log File Monitoring
Table 40 (page 149) lists the alert properties the Log File Monitoring template generates and
forwards to a response program when log entries matching a string pattern are detected.
Table 40 Log File Monitoring Alert Properties

Response Program Argument | Alert Field   | Alert Field Type | Alert Value/Format                      | Description
argv[1]                   | Template Code | Integer          | 10                                      | Unique code assigned to template
argv[2]                   | Version       | Integer          | <version>                               | Template version
argv[3]                   | Severity      | Integer          | <severity level>                        | Specifies alert severity. Alert severity is configurable.
argv[4]                   | UTC Time      | Integer          | <secs>                                  | UTC time in number of seconds since the epoch when the log file entry was detected.
argv[5]                   | <empty>       | String           | <empty>                                 |
argv[6]                   | <empty>       | String           | <empty>                                 |
argv[7]                   | Summary       | String           | Message logged                          | Alert summary
argv[8]                   | Details       | String           | “<log message>” was logged to <logfile> | Contains message logged and name of log file.
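As an added example that is not from the guide or the product, a hypothetical POSIX shell response program that consumes the argument layout of Table 40 (argv[1] through argv[8]), rejects anything that is not a Log File Monitoring alert, and reduces the alert to one key=value record for an audit file or SIEM forwarder. The function names, the constructed sample arguments and the assumption that the details field uses plain ASCII double quotes are mine.

```shell
#!/bin/sh
# Hypothetical response program for the Log File Monitoring template (template code 10).
# HP-UX HIDS passes the alert fields as positional arguments in the Table 40 layout:
#   $1 template code, $2 version, $3 severity, $4 UTC seconds, $5/$6 empty,
#   $7 summary (message logged), $8 details ("<log message>" was logged to <logfile>).
# Assumption (not stated on the page): the details field uses ASCII double quotes.

# Return 0 only when the arguments have the shape of a Log File Monitoring alert.
lfm_is_valid() {
    [ "$#" -ge 8 ] || return 1
    [ "$1" = "10" ] || return 1                   # template code of this template
    for n in "$3" "$4"; do                        # severity and UTC time are integers
        case "$n" in ''|*[!0-9]*) return 1 ;; esac
    done
    return 0
}

# Pathname of the monitored log file, taken from the details field ($8).
lfm_logfile() {
    printf '%s\n' "$1" | sed -n 's/^".*" was logged to \(.*\)$/\1/p'
}

# The matched log entry, taken from the details field ($8).
lfm_message() {
    printf '%s\n' "$1" | sed -n 's/^"\(.*\)" was logged to .*$/\1/p'
}

# One-line key=value record; prints nothing and returns 1 for an invalid alert.
lfm_record() {
    lfm_is_valid "$@" || return 1
    printf 'template=%s version=%s severity=%s utc=%s logfile=%s summary=%s message=%s\n' \
        "$1" "$2" "$3" "$4" "$(lfm_logfile "$8")" "$7" "$(lfm_message "$8")"
}

# Stand-alone run: with no arguments, use constructed sample values (a failed su
# attempt recorded in sulog) instead of the arguments HIDS would supply.
if [ "$#" -eq 0 ]; then
    set -- 10 1 3 1302000000 "" "" "SU 04/11 10:15 - pts/0 guest-root" \
        '"SU 04/11 10:15 - pts/0 guest-root" was logged to /var/adm/sulog'
fi
lfm_record "$@"
```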
Limitations
The Log File Monitoring template has the following limitations:
• There can only be one group of logfile watch, ignore, and severity properties for any given pathname specified in the logfile property. Any subsequent properties for the same log file pathname are ignored.
• A maximum of 50 log files can be monitored.
Log File Monitoring Template 149