HP-UX Host Intrusion Detection System Version 4.7 Administrator Guide HP-UX 11i v3 (766144-001, March 2014)
Table 51 Reporting Options Supported by idsadmin (continued)

Option | Description

(option continued from previous page)
  • logout – report alerts triggered by logouts
  • all – report all alerts regardless of the event that triggered the alert
  The default value is all.

--alert-fields
  A comma-separated list of alert fields to print in a report, where:
  • hostname — The hostname of the agent that generated the alert.
  • ipaddr — The host IP address of the agent that generated the alert.
  • template — The template that generated the alert.
  • localdate — The local date and time of the event that triggered the alert.
  • utcdate — The UTC date and time of the event that triggered the alert.
  • utcsecs — The UTC time of the event that triggered the alert.
  • severity — The alert severity.
  • count — Number of times this alert was generated. For aggregated alerts, this field contains the number of alerts that were aggregated into a single alert.
  • attacker — Program that triggered the attack for file-related alerts. User that triggered the attack for login/logout or su alerts. For aggregated alerts, the program that triggered the alerts and/or whose forked programs triggered the alerts.
  • target — For file-related alerts, the pathname of the targeted file. For login/logout or su alerts, the targeted user account. For aggregated alerts, set to {multiple targets}.
  • event — The event that triggered the target. For aggregated alerts, this field is set to {multiple targets}.
  • user — The user (ruid:rgid:euid:egid) that triggered the alert.
  • summary — Alert summary.
  • details — Alert details.
  By default, all fields (except the template field) are displayed.

--alert-severities critical | severe | moderate | all
  Specifies that only alerts with the specified severity levels are reported. If this option is not specified, alerts of all severity levels are included in the report.

--e-mail-to e-mail_ADDRESS1, e-mail_ADDRESS2, ...
  Comma-separated list of e-mail addresses to which alert reports are sent.
Generating Alert Reports Using the idsadmin Command 175