HP-UX Host Intrusion Detection System Version 4.4 Administrator Guide (5900-1634, April 2011)
Table 51 Reporting Options Supported by idsadmin
DescriptionOption
A comma-separated list of host names or IP
addresses of agent(s) to monitor and manage,
if an agent is configured to monitor HP-UX
Containers (HP-UX SRP). Specify the
comma-separated list of Container (SRP)
names within square brackets appended to
host name or IP address of agent separated
by colon. Specify all to include all agent
hosts listed in sentinal.hosts, even those
not currently monitored by the HIDS GUI.
Specify managed to only include agent hosts
that are marked as managed by the HIDS
GUI. When used with the report option,
the default is managed. If the agent is
configured to monitor HP–UX Containers
(HP-UX SRP), all the Container (SRP) names
should be explicitly specified else the report
generated will not contain the Container
information.
-a, --agent-hosts
host1:[srp1,srp2,......],host2:[srp1,srp2,......]...|
all | managed
Specifies that only alerts triggered by the
specified events are reported, where:
• create – report alerts triggered by a
creation event
• delete – report alerts triggered by a
deletion event
• modify – report alerts triggered by a
modification or potential modification
event
• login – report alerts triggered by
successful logins
• flogin – report alerts triggered by failed
logins
• su- report alerts triggered by successful su
attempts
• fsu – report alerts triggered by failed su
attempts
• logout – report alerts triggered by
logouts
• all – report all alerts regardless of the
event that triggered the alert
The default value is all.
--alert-events event_1, event_2...
178 Tuning Schedules and Generating Alert Reports