https://community.hpe.com/t5/operating-system-hp-ux/hids-alert-log-format/m-p/5036443#M739905 Hi KPS -<BR /><BR />The alert.log file on each agent was not designed for viewing but is instead a persistent alert respository on each agent in case the admin GUI/CLUI ever needs to retrieve those alerts for viewing. HIDS v4.0 and prior versions require that you use the admin GUI or CLUI to view formatted alerts. <BR /><BR />HIDS v4.1 (to be released soon this spring) has a new alert reporting command-line feature that allows you to generate consolidated alert reports across any number of agents. The reports can be generated in HTML, text, or "raw" format. For the "raw" formatted reports, the delimiter character can be configured to be any character. Raw reports facilitates post-processing of alerts by customized scripts that you write, much like the alert response programs allow you to do post-processing of alerts in near real-time. Both the content and the presentation of the HTML and text formatted reports are configurable and, using cron, you can have incremental reports sent periodically to specified email addresses.<BR /><BR />HIDS v4.1 will also come with a useful tool for fine tuning schedules by presenting consolidated alerts reports and generating the corresponding filtering rules for those alerts you deem safe to ignore. <BR /><BR />HIDS v4.1 also contains a new feature for proactively suppressing duplicate alerts.<BR /><BR />A list of new features and benefits will be available in the Release Notes when V4.1 is released.<BR /><BR />Pierre<BR /> Tue, 27 Mar 2007 18:11:21 GMT Pierre Pasturel 2007-03-27T18:11:21Z https://community.hpe.com/t5/operating-system-hp-ux/hids-alert-log-format/m-p/5036439#M739901 Hi,<BR /><BR />We just installed HIDS 4.0 agent on some clients. All is working well except for the format of the alert logs. It seems as though there are control characters in the alert logs and the format is very much of as far as the legibility. Could anyone tell us why we may be seeing this? I'll attach a sample of one of our alert.log files.<BR /><BR />Thanks in advance.....<BR /><BR />KPS Mon, 26 Mar 2007 13:50:29 GMT https://community.hpe.com/t5/operating-system-hp-ux/hids-alert-log-format/m-p/5036439#M739901 KPS 2007-03-26T13:50:29Z https://community.hpe.com/t5/operating-system-hp-ux/hids-alert-log-format/m-p/5036440#M739902 I just realized after attaching an ASCII format of the alert.log, it looks a little better. This seems a little off, and I was just wondering if this is normal or should it be more legible to the eye?<BR /><BR />Thanks,<BR />KPS Mon, 26 Mar 2007 13:55:04 GMT https://community.hpe.com/t5/operating-system-hp-ux/hids-alert-log-format/m-p/5036440#M739902 KPS 2007-03-26T13:55:04Z https://community.hpe.com/t5/operating-system-hp-ux/hids-alert-log-format/m-p/5036441#M739903 Well, those 'funny' characters appear to all be a byte with value 1: 0x01<BR /><BR />You can make it more readable by bulk replacing them with a newline.<BR /><BR />For example:<BR /><BR /># perl -pe 's/\001/\n/g' tmp.txt<BR /><BR />or<BR /> <BR /># tr [\001] [\n] &lt; tmp.txt<BR /><BR />Hein.<BR /><BR /><BR /><BR /> Mon, 26 Mar 2007 14:48:08 GMT https://community.hpe.com/t5/operating-system-hp-ux/hids-alert-log-format/m-p/5036441#M739903 Hein van den Heuvel 2007-03-26T14:48:08Z https://community.hpe.com/t5/operating-system-hp-ux/hids-alert-log-format/m-p/5036442#M739904 Thanks for the response, we're in better shape with better legibility of the alert logs.<BR /><BR /> Mon, 26 Mar 2007 15:22:52 GMT https://community.hpe.com/t5/operating-system-hp-ux/hids-alert-log-format/m-p/5036442#M739904 KPS 2007-03-26T15:22:52Z https://community.hpe.com/t5/operating-system-hp-ux/hids-alert-log-format/m-p/5036443#M739905 Hi KPS -<BR /><BR />The alert.log file on each agent was not designed for viewing but is instead a persistent alert respository on each agent in case the admin GUI/CLUI ever needs to retrieve those alerts for viewing. HIDS v4.0 and prior versions require that you use the admin GUI or CLUI to view formatted alerts. <BR /><BR />HIDS v4.1 (to be released soon this spring) has a new alert reporting command-line feature that allows you to generate consolidated alert reports across any number of agents. The reports can be generated in HTML, text, or "raw" format. For the "raw" formatted reports, the delimiter character can be configured to be any character. Raw reports facilitates post-processing of alerts by customized scripts that you write, much like the alert response programs allow you to do post-processing of alerts in near real-time. Both the content and the presentation of the HTML and text formatted reports are configurable and, using cron, you can have incremental reports sent periodically to specified email addresses.<BR /><BR />HIDS v4.1 will also come with a useful tool for fine tuning schedules by presenting consolidated alerts reports and generating the corresponding filtering rules for those alerts you deem safe to ignore. <BR /><BR />HIDS v4.1 also contains a new feature for proactively suppressing duplicate alerts.<BR /><BR />A list of new features and benefits will be available in the Release Notes when V4.1 is released.<BR /><BR />Pierre<BR /> Tue, 27 Mar 2007 18:11:21 GMT https://community.hpe.com/t5/operating-system-hp-ux/hids-alert-log-format/m-p/5036443#M739905 Pierre Pasturel 2007-03-27T18:11:21Z