Network Node Screen

Network Node Screen

Network Node Screen

The Network Node screen contains lists of alerts and errors that have been detected by the related agent. Click the Alerts or Errors tab to see the lists and details panels.

Alerts are recorded on the agent host system in the file /var/opt/ids/alert.log. Errors are recorded on the agent host system in the file /var/opt/ids/error.log.

When the System Manager is running and the agent is active, copies of the alert records are sent to the administration system and added to a file named /var/opt/ids/gui/logs/hostname_alert.log, where hostname is the name of the agent host as displayed on the Host Manager screen. Error records are copied to /var/opt/ids/gui/logs/hostname_error.log.

When the System Manager is not running, the alerts and errors are not transmitted but are still stored locally.

When the Network Node screen is selected for an active agent host, it displays all the alert and error messages that are in the standard System Manager log files for the agent. If the agent host is resynchronized from the System Manager screen, the Network Node screen also displays all the previous alerts and errors that have been received from the agent. See “Resynchronizing Agent Hosts” on page 49 for more information.

Earlier alerts and errors may also be viewed by opening the log file set directly. See “Opening a Log File Set” on page 111.

By default, only the most important error messages are logged by the agent and sent to the System Manager. More detailed error logs are possible. See “The idsagent Command” on page 207 for details.

Opening a Network Node Screen

To display the Network Node screen for an agent host

Step 1. Go to the System Manager screen and do one of:

Select a host in the Monitored Nodes list and choose the View > Network Node menu item

Select a host in the Monitored Nodes list and press Ctrl-B

Double-left-clickan entry in the Monitored Nodes list

The Network Node screen is displayed with the selected host name in the title bar (Figure 7-1 on page 102 or Figure 7-2 on page 104).

Closing a Network Node Screen

To close a Network Node screen

Step 1. On the Network Node screen, do one of:

Choose the File > Close menu item

Press Ctrl-C

If unsaved changes have been made to an open file set, they are saved automatically.

Chapter 7

101

Page 112 Page 114
Page 113
Image 113
HP Host Intrusion Detection System (HIDS) manual Opening a Network Node Screen, Closing a Network Node Screen
Page 112 Page 114
Top Page Image Contents