HPE Community
Operating System - HP-UX
1833847 Members
2174 Online
110063 Solutions
New Discussion

IDS 9000 alerts and notification

 
Paul T. Green
Advisor

‎10-29-2001 08:45 AM

‎10-29-2001 08:45 AM

IDS 9000 alerts and notification

Installed Praesidium IDS9000 A.01.00 successfully. Agent only on production and I am all green, monitoring is taking place.
The thing is I have not received any alerts... maybe I have not hit any threasholds.

Does any one know how to configure **notifications** like to my e-mail address or my escallation pager?

Is there another version out there, a patch?

When can we expect the next version?
We'd like to know a little bit about you for our files.... Paul Simon
0 Kudos
Reply
2 REPLIES 2
Rpger Tavener
Occasional Advisor

‎10-31-2001 09:39 AM

‎10-31-2001 09:39 AM

Re: IDS 9000 alerts and notification

Frank

Take a look at pages 106-110 of the HP Praesiduim Intrusion Detection Guide.. They have a sample program that you might find useful.
I also heard that Ver 2.0 will be available soon. Maybe it will have more bells and whistles!

Roger
When the only tool you own is a hammer, every problem looks like a nail!
0 Kudos
Reply
Stephanie Miller
Occasional Advisor

‎11-02-2001 07:44 AM

‎11-02-2001 07:44 AM

Re: IDS 9000 alerts and notification

The first step is to check that alerts are being collected locally on the agent. If they are, then the file /var/opt/ids/alert.log should be populated with the alerts. If they are not, you might want to check the /var/opt/ids/error.log file for possible problems. Once alerts are collected locally they are then sent via secure communications to the system management GUI (this is where you configured the surveillance details and activated the monitoring for your system). If that communication is not happening, it could be for a number of reasons. Are the agent and system manager installed on the same host? If so, perhaps the certificates need to be regenerated. If they are on separate hosts, is there a firewall between them doing network address translation? The GUI only displays alerts if it recognizes the ip address where the alert is coming from.

To receive alert notification in email or a pager, there is an alert response mechanism described in the manual. That is configured locally on the agent system.

Version 2.0 of the product is due out in a couple of weeks. It also includes alert integration with HP's OpenView Operations product. Plus lots of other exciting features.

I hope this is helpful.

-Stephanie
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.