Manualshelf

HP-UX Host Intrusion Detection System Version 4.4 Administrator Guide (5900-1634, April 2011)

ManualsBrandsHP ManualsSoftwareHP-UX Host Intrusion Detection System Software
81828384858687888990
7 Using the Network Node Screen
This chapter describes the Network Node screen, which displays alerts and errors for a specified
agent host. It addresses the following topics:
“Network Node Screen (page 89)
Alerts Tab (page 90)
“Errors Tab (page 91)
“General Operations (page 92)
Network Node Screen
The Network Node screen contains lists of alerts and errors that have been detected by the related
agent. Click the Alerts or Errors tab to view the lists and details.
Alerts are recorded on the agent host system in the /var/opt/ids/alert.log file. Errors are
recorded on the agent host system in the /var/opt/ids/error.log file.
When the System Manager is running and the agent is active, copies of the alert records are sent
to the administration system and added to a file named
/var/opt/ids/gui/logs/hostname_alert.log, where hostname is the name of the
agent host as displayed on the Host Manager screen. Error records are copied to
/var/opt/ids/gui/logs/hostname_error.log.
When the System Manager is not running, alerts and errors are not transmitted but are still stored
locally in the host.
When the Network Node screen is selected for an active agent host, it displays all the alert and
error messages that are in the standard System Manager log files for the agent. If the agent host
is resynchronized from the System Manager screen, the Network Node screen also displays all
the previous alerts and errors that were received from the agent. For more information, see
“Resynchronizing Agent Hosts (page 46).
You can also view previous alerts and errors by opening the log file set directly. For more
information, see “Opening a Log File Set” (page 96).
By default, only the most important error messages are logged by the agent and sent to the System
Manager. You can create more detailed error logs if needed.
Opening a Network Node Screen
To display the Network Node screen for an agent host, follow these steps:
On the System Manager screen, perform one of the following steps:
Select a host in the Monitored Nodes list and choose the View > Network Node menu
item.
Select a host in the Monitored Nodes list and press Ctrl+B.
Double-left-click an entry in the Monitored Nodes list.
The Network Node screen is displayed with the selected host name in the title bar. See
Figure 34 (page 90) and Figure 35 (page 91).
Closing a Network Node Screen
To close a Network Node screen, follow these steps:
Network Node Screen 89