Automated Response

Sample Response Programs

Logging to a central syslog server

While the HP-UX HIDS System Manager provides a centralized location for alerts, you may also want to log alerts to a syslog server. This short script shows how this can be done.

#!/usr/bin/sh
#
# Sample HP-UX HIDS alert response script
# Send a message to syslog containing the alert
#
# $3 is the alert severity and $8 is the alert text.
# If we have a severity 1 alert then log the alert to syslog
if [ "$3" = "1" ]
then
    /usr/bin/logger -t "HP-UX HIDS" "$8"
fi
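The following variant is an added example, not part of the HP manual: it forwards every alert with a syslog priority derived from the severity, and flattens control characters so one alert always produces exactly one syslog line. The function names, the severity 2 and 3 mappings, the "daemon" facility and the 512-character cap are assumptions; only $3 (severity) and $8 (alert text) come from the sample above.

```shell
#!/usr/bin/sh
# Added example, not from the HP-UX HIDS manual.
# From the page: $3 = alert severity, $8 = alert text.
# Assumptions: severities 2 and 3 map as below; the "daemon" facility.

# Map a HIDS severity to a syslog facility.level for logger -p.
hids_priority() {
    case "$1" in
        1) echo "daemon.crit" ;;
        2) echo "daemon.warning" ;;
        3) echo "daemon.notice" ;;
        *) echo "daemon.info" ;;   # unknown or missing severity
    esac
}

# Replace control characters (newline, tab, escape, ...) with spaces and
# cap the length, so embedded newlines in an alert cannot create extra,
# forged-looking syslog entries on the central server.
hids_sanitize() {
    printf '%s' "$1" | LC_ALL=C tr '[:cntrl:]' '[ *]' | cut -c1-512
}

# Run only when invoked with the full alert argument list.
# The "severity=" prefix also keeps the message from starting with "-",
# which logger could otherwise read as an option.
if [ "$#" -ge 8 ]; then
    /usr/bin/logger -t "HP-UX HIDS" -p "$(hids_priority "$3")" \
        "$(hids_sanitize "severity=$3 $8")"
fi
```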

Appendix B

HP Host Intrusion Detection System (HIDS) manual Appendix B 197