Simpler Navigation for Servers and Operating Systems - Please Update Your Bookmarks
Completed: a much simpler Servers and Operating Systems section of the Community. We combined many of the older boards, so you won't have to click through so many levels to get at the information you need. Check the consolidated boards here as many sub-forums are now single boards.
If you have bookmarked forums or discussion boards in Servers and Operating Systems, we suggest you check and update them as needed.
Security
cancel
Showing results for 
Search instead for 
Did you mean: 

HIDS report: WARNING: Corrupt file alert!

Fernando Boza
Regular Advisor

HIDS report: WARNING: Corrupt file alert!

When taking a report from the IDS in the production server hp, this show several warning which indicates corrupt files:

$ /opt/ids/bin/idsadmin -r --start-date 20110210 --end-date 20110210 --report-time local
WARNING: Corrupt file alert! Only 12 fields found. Expected 35 fields. Skipping....
WARNING: /var/opt/ids/gui/logs/CRDHP01_alert.log (line 63489):
WARNING: CRDHP01172.17.118.12Tue Nov 30 11:50:44 2010 SAT2321291135844uid=0,gid=3,pid=26557,ppid=21664file=/respaldosdba/BK_tempdb_log_01.txtnullnullnull
WARNING: Corrupt file alert! Only 12 fields found. Expected 35 fields. Skipping....
WARNING: /var/opt/ids/gui/logs/CRDHP01_alert.log (line 96781):
WARNING: CRDHP01172.17.118.12Wed Dec 1 17:14:56 2010 SAT2321291241696uid=102,gid=102,pid=15169,ppid=15168file=/bkestadocuenta/Unibanco/Visa/Pag_V_VSEC1012_01_BL0105_RG02CI20_emp12.txtnullnullnull
WARNING: Corrupt file alert! Only 12 fields found. Expected 35 fields. Skipping....
WARNING: /var/opt/ids/gui/logs/CRDHP01_alert.log (line 146680):
WARNING: CRDHP01172.17.118.12Fri Jan 28 16:15:58 2011 SAT2321296249358uid=102,gid=102,pid=5293,ppid=5292file=/bkestadocuenta/Bolivariano/Visa/Pag_V_VSEC1012_01_BL0026_RG01CI01_emp1.txtnullnullnull
Alert Report saved in /var/opt/ids/reports/HIDS_Report_Feb11_2011_15_45_05.html


Any ideas?
1 REPLY
Highlighted
Pierre Pasturel_1
Occasional Advisor

Re: HIDS report: WARNING: Corrupt file alert!

Which version of HP-UX HIDS are you running (swlist HPUX-HIDS)?