HP-UX Host Intrusion Detection System Version 4.7 Administrator Guide HP-UX 11i v3 (766144-001, March 2014)

D The Agent Configuration File....................................................................182
The Agent Configuration File..................................................................................................182
Forcing Active Agent to Reread Configuration File................................................................182
Log File Rotation..............................................................................................................182
Global Configuration............................................................................................................183
Correlator Process Configuration.............................................................................................183
Data Source Process Configuration.........................................................................................184
Kernel Audit Data DSP......................................................................................................185
Remote Communication Configuration.....................................................................................186
E The Surveillance Schedule Text File...........................................................188
Getting Started.....................................................................................................................188
Automating the Activation of Surveillance Schedules.................................................................188
Surveillance Schedule Text File...............................................................................................189
Surveillance Schedule Section................................................................................................189
Container (SRP) Configuration Section.....................................................................................191
Surveillance Group Section....................................................................................................191
F Error Messages.......................................................................................195
Agent Messages...................................................................................................................195
System Manager Messages....................................................................................................199
G Troubleshooting.....................................................................................203
Troubleshooting....................................................................................................................204
Agent and System Manager cannot communicate with each other..........................................204
Agent complains that idds has not been enabled, yet lsdev shows /dev/idds is present............205
Agent does not start on system boot...................................................................................205
Agent halts abnormally, leaving ids_* files and message queues............................................206
Agent host appears to hang and/or you see message disk full...............................................206
Agent needs further troubleshooting...................................................................................206
Agent does not start after installation..................................................................................207
Agents appear to be stuck in polling status..........................................................................207
Agent displays error if hostname to IP mapping is not registered in name service......................207
Aggregated alerts targets or details field are truncated and the same aggregated alert has several entries logged in the IDS_ALERTFILE...................................................................................207
Alert date/time sort seems inconsistent...............................................................................208
Alerts are not being displayed in the alert browser...............................................................208
Buffer overflow triggers false positives.................................................................................208
Duplicate alerts appear in System Manager........................................................................208
Getting several aggregated alerts for the same process.........................................................209
GUI runs out of memory after receiving around 19,000 alerts................................................209
The idsadmin Command needs installed agent certificates.....................................................209
The idsadmin Command notifies of bad certificate when pinging a remote agent.....................209
IDS_checkInstall fails with a kmtune error............................................................................210
IDS_genAdminKeys or IDS_genAgentCerts does not complete successfully...............................210
IDS_genAdminKeys or idsgui quits early.............................................................................210
Large files in /var/opt/ids................................................................................................210
Log files are filling up.......................................................................................................211
No Agent Available.........................................................................................................211
Normal operation of an application generates heavy volume of alerts....................................211
Reflection X rlogin produces multiple login and logout alerts..................................................211
Schedule Manager timetable screen appears to hang...........................................................212
SSH does not perform a clean exit after idsagent is started....................................................212
System Manager appears to hang.....................................................................................212
System Manager does not let you save files to specific directories...........................................212
System Manager does not start after idsgui is started............................................................212