Messages

Agent Messages

Meaning: The system does not have enough disk space to create the interprocess communication files in /var/opt/ids. HP-UX HIDS uses memory-mapped files, each of size 20 MB.

Action: Ensure that there is at least 20 MB of free disk space in the /var partition. You can remove any lingering files with names in the form /var/opt/ids/ids_10*.

idsagent: not enough disk space to create schedule

Meaning: The /var partition is full and the idsagent cannot save the schedule to disk.

Action: Ensure that there is at least 10 MB of free disk space in the /var partition.

idsagent: not enough disk space to parse schedule

Meaning: idsagent was unable to parse the surveillance schedule because the system has exhausted its disk space.

Action: Ensure that there is free disk space in the /var partition.

idsagent: not enough disk space to save config file

Meaning: The system has exhausted the disk space in the root file system partition.

Action: Clean up the root file system partition to free space.

idsagent: out of process table space!

Meaning: There are no process table slots free on the system.

Action: Your system has run out of process table space. Either kill unneeded processes or reconfigure the kernel to allow for more user processes.

idsagent: schedule cannot be executed as specified

Meaning: The surveillance schedule contains detection templates that are not supported by this version of the idsagent.

Action: Verify that you have the latest version of the HP-UX HIDS product installed on the agent system.

idsagent: Surveillance Schedule sched does not contain any surveillance group periods

Meaning: A surveillance schedule sched was activated on the agent that did not contain any valid surveillance groups.

Action: Verify that the surveillance schedule contains surveillance groups in the Schedule Manager window of the HP-UX HIDS System Manager.

idsagent: this host (host) has multiple network addresses

Meaning: idsagent does not know which network interface to listen on for commands. The IDS_LISTEN_IFACE parameter must be set in the configuration file, /etc/opt/ids/ids.cf. Specify an host name or IP address in the configuration file.

Action: If running on a multihomed system, set the IDS_LISTEN_IFACE parameter in

/etc/opt/ids/ids.cf.

idsagent: the IDS_LISTEN_IFACE parameter is specified as: hostname in the configuration file configfile

228

Appendix F

Page 239 Page 241
Page 240
Image 240
HP Host Intrusion Detection System (HIDS) manual Idsagent not enough disk space to create schedule
Page 239 Page 241
Top Page Image Contents