McAfee® Host Intrusion Prevention 6.1 Product Guide | Host Intrusion Prevention Client |
| Solaris client |
9
Run this command... | To do this... | |
|
| |
hipts message <message name>:on | Display the message type indicated when logging is | |
| set to “on.” Messages include: | |
| | error |
| | warning |
| | debug |
| | info |
| | violations |
|
| |
hipts message <message name>:off | Hide the message type indicated when logging is | |
| set to “on.”Message error is off by default. | |
|
| |
hipts message all:on | Display all message types when logging is set to | |
| “on.” | |
|
| |
hipts message all:off | Hide all message types when logging is set to “on.” | |
|
| |
hipts engines <engine name>:on | Turn on the engine indicated. Engine is on by | |
| default. Engines include: | |
| | MISC |
| | FILES |
| | GUID |
| | MMAP |
| | BO |
| | ENV |
| | HTTP |
|
| |
hipts engines <engine name>:off | Turn off the engine indicated. | |
|
| |
hipts engines all:on | Turn on all engines. | |
|
| |
hipts engines all:off | Turn off all engines. | |
|
|
|
In addition to using the troubleshooting tool, consult the HIPShield.log and HIPClient.log files in the /opt/McAfee/hip/log directory to verify operations or track issues.
Starting and stopping the client
You may need to stop a running client and restart it as part of troubleshooting.
To stop a Solaris client:
1Disable IPS protection. Use one of these procedures:
Set IPS Options to Off in the ePO console and apply the policy to the client.
Run the command: hipts engines MISC:off.
2Run the command: /etc/rc2.d/S99hip stop.
To restart a Solaris client:
1Run the command: /etc/rc2.d/S99hip restart.
2Enable IPS protection. Use one of these procedures, depending on which you used to stop the client:
Set IPS Options to On in the ePO console and apply the policy to the client.
Run the command: hipts engines MISC:on.