HP-UX Host Intrusion Detection System Version 4.4 Administrator Guide (5900-1634, April 2011)

Example 18 To generate a report for all agents listing only alerts related to failed logins, logouts,

and failed su attempts. The report is e-mailed to the specified e-mail address with a customized

message and subject line.

/opt/ids/bin/idsadmin –r --alert-events flogin, logout, fsu

--e-mail-to admin@xyz.com --e-mail-message “HIDS Alert

Report Generated” --e-mail-subject “Report Dated Mar 23

2007”

Example 19 To generate a report for all agents listed in the sentinal.hosts file starting from

January 01 2007, displaying only the specified fields. The report is in raw format and e-mailed to

the specified e-mail address.

/opt/ids/bin/idsadmin -r -a all --start-date 20070101

--report-format raw --e-mail-to admin@xyz.com --alert-fields

localdate,attacker,target,action,uid

Figure 46 is a screenshot of the generated report in raw format with alert fields separated by the

default delimiter pipe (|) character:

Figure 46 Screenshot of the Generated Report in .raw Format

184 Tuning Schedules and Generating Alert Reports