HP-UX Host Intrusion Detection System Version 4.7 Administrator Guide HP-UX 11i v3 (766144-001, March 2014)
selected in the GUI Schedule Manager. The property set to "0" is equivalent to the Monitor
Failed Attempts To Create / Modify / Delete Critical Files option box that is not selected. By
default, the property value is set to “0”.
• log_severity_def: This property defines the default severity level for alerts that are
generated by the Log File Monitoring Template. For more information, see “Log File
Monitoring Template” (page 145). The property value is specified using the syntax described
in “Type VIII: Scalars” (page 110). By default, the property value is set to “3”. For a list of valid
severity levels, see “Alerts Tab” (page 86).
For more information on regular expressions, see “UNIX Regular Expressions” (page 105).
Container (SRP) Configuration Section
The section is required only if the agent is configured to monitor HP-UX Containers.
The section contains the following keywords and syntax:
SRP
    NAME <SRP name>
    GROUPPERIOD
        NAME <group name>
        GMT <integer>
        STARTTIME hh:mm:d
        ENDTIME hh:mm:d
        GROUP <group name>...
        ENDGROUP
    ENDGROUPPERIOD
ENDSRP
This is a subsection of the surveillance schedule section. The section is bracketed by the SRP and
ENDSRP keywords. Each SRP section can have any number of GROUPPERIOD sections. See
“Surveillance Group Section” for details about GROUPPERIOD. The name in the SRP NAME keyword
is the name of the Container (SRP) configured on the host that needs to be monitored. To monitor
the Global SRP (init Containers), specify the SRP name as “init” in lower case.
This section can be repeated based on the number of Containers (SRPs) that need to be monitored.
Surveillance Group Section
The section contains the following keywords and syntax:
GROUPPERIOD
    NAME <group name>
    GMT <integer>
    STARTTIME hh:mm:d
    ENDTIME hh:mm:d
    GROUP <group name>...
    ENDGROUP
ENDGROUPPERIOD
This section is a subsection of the surveillance schedule section. The section is bracketed by the
GROUPPERIOD and ENDGROUPPERIOD keywords. Each GROUPPERIOD section can have only
one GROUP or ENDGROUP section. The templates and their property values are stored in the
corresponding group file and not in the schedule file. Each group exists as an individual file within
the groups subdirectory and can be used across multiple schedules. To include a group in a
schedule, the name of the group must be added within the GROUPPERIOD NAME keyword in the
schedule file. If a change is made to a particular group file, that change applies to all the
schedules that reference that group. However, the GMT, STARTTIME, and ENDTIME keywords
in the schedule file enable you to specify varying start and end times for the same group on different
schedules.
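The following is an added example, not part of the HP guide or the HIDS product: a small linter for a hand-edited schedule file that checks the SRP and GROUPPERIOD rules given in this section, including the name rules in the list that follows. The function name, the sample fragment and its group names are hypothetical, and the caller is assumed to pass in the base names of the files in the groups subdirectory.

```python
import re

OPEN = {"SRP": "ENDSRP", "GROUPPERIOD": "ENDGROUPPERIOD"}
CLOSE = {end: start for start, end in OPEN.items()}

# Constructed sample fragment (not from the guide); group names are hypothetical.
SAMPLE = ("SRP\nNAME Init\nGROUPPERIOD\nNAME LoginGroup\nGMT 0\nENDGROUPPERIOD\n"
          "GROUPPERIOD\nNAME LoginGroup\nGMT utc\nENDGROUPPERIOD\nENDSRP\n"
          "GROUPPERIOD\nNAME FileGroup\n")

def lint_schedule(text, group_files):
    """Return sorted (line, message) findings for SRP/GROUPPERIOD sections.
    group_files: base names (extension removed) of files in the groups subdirectory."""
    findings, stack, seen = [], [], set()
    for no, raw in enumerate(text.splitlines(), 1):
        parts = raw.split(None, 1)
        if not parts:
            continue
        kw, arg = parts[0], (parts[1].strip() if len(parts) > 1 else "")
        top = stack[-1][0] if stack else None
        if kw in OPEN:
            if top == "GROUPPERIOD" or (kw == "SRP" and top):
                findings.append((no, f"{kw} opened inside {top}"))
            stack.append((kw, no))
        elif kw in CLOSE:
            if top == CLOSE[kw]:
                stack.pop()
            else:
                findings.append((no, f"{kw} without matching {CLOSE[kw]}"))
        elif kw == "NAME" and top == "SRP":
            # Heuristic: any other casing of "init" is flagged as a likely typo.
            if arg.lower() == "init" and arg != "init":
                findings.append((no, 'global SRP must be "init" in lower case'))
        elif kw == "NAME" and top == "GROUPPERIOD":
            if arg in seen:  # names must be unique across the schedule file
                findings.append((no, f"duplicate group name {arg}"))
            seen.add(arg)
            if arg not in group_files:  # name must match a group file
                findings.append((no, f"no group file named {arg}"))
        elif kw == "GMT" and top == "GROUPPERIOD" and not re.fullmatch(r"[+-]?\d+", arg):
            findings.append((no, "GMT value is not an integer"))
    findings += [(no, f"{kw} never closed") for kw, no in stack]
    return sorted(findings)

if __name__ == "__main__":
    for no, msg in lint_schedule(SAMPLE, {"LoginGroup"}):
        print(f"line {no}: {msg}")
```

Lines with keywords other than those shown in this section are ignored, so the check can be run over a whole schedule file.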
• The name in the GROUPPERIOD NAME keyword and the name of the group file located in
the groups subdirectory must match (not including the file extension) and they must be unique
across all surveillance group names specified in the surveillance schedule text file. The name