HPE GreenLake Administration
- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: IDS/9000 Surveillance Schedule problems
Operating System - HP-UX
1834532
Members
3391
Online
110069
Solutions
Forums
Categories
Company
Local Language
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-10-2003 04:14 AM
06-10-2003 04:14 AM
IDS/9000 Surveillance Schedule problems
Hi all
I am testing IDS/9000 here at our site, but I am having problems with the surveillance schedules. I have created a copy of the FileAndLoginMonitoringAlwaysOn and named it Test_schedule. Whenever an alert appears, I check whether it is a valid alert, and exclude it if I do not need it. Obviously I save the test schedule after making changes.
The problem is that the changes to the test schedule are sometimes discarded and one has to put in the exclude conditions from scratch.
Has anyone come across anything similar? Any help would be appreciated!
I am testing IDS/9000 here at our site, but I am having problems with the surveillance schedules. I have created a copy of the FileAndLoginMonitoringAlwaysOn and named it Test_schedule. Whenever an alert appears, I check whether it is a valid alert, and exclude it if I do not need it. Obviously I save the test schedule after making changes.
The problem is that the changes to the test schedule are sometimes discarded and one has to put in the exclude conditions from scratch.
Has anyone come across anything similar? Any help would be appreciated!
4 REPLIES 4
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-10-2003 04:43 AM
06-10-2003 04:43 AM
Re: IDS/9000 Surveillance Schedule problems
Take a look at the logs and see if there is problem that would cause this.
/var/opt/ids/alert.log: # Intrusion alerts are reported here.
/var/opt/ids/error.log: # Diagnostic and error information
/var/opt/ids/gui/guiError.log: # Reports unexpected Java errors
/var/opt/ids/gui/logs/Trace.log: # Captures debugging information and idsgui internal errors
/var/opt/ids/cert.log: # Problems with certificate configuration scripts
Berlene
/var/opt/ids/alert.log: # Intrusion alerts are reported here.
/var/opt/ids/error.log: # Diagnostic and error information
/var/opt/ids/gui/guiError.log: # Reports unexpected Java errors
/var/opt/ids/gui/logs/Trace.log: # Captures debugging information and idsgui internal errors
/var/opt/ids/cert.log: # Problems with certificate configuration scripts
Berlene
http://www.mindspring.com/~bkherren/dobes/index.htm
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-10-2003 04:58 AM
06-10-2003 04:58 AM
Re: IDS/9000 Surveillance Schedule problems
Keep in mind that changes to certain parameters affect the _Survailance_group_ and not just the schedule itself. I implemented this a few weeks back and was going nuts as to why changing parameters in one schedule was affecting another. IDS9000 can be quite a challenge at times to set up and tweak.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-10-2003 05:45 AM
06-10-2003 05:45 AM
Re: IDS/9000 Surveillance Schedule problems
So if I copy a schedule supplied with the product and I modify one of the Surveillance Groups within the copy, all the schedules that contain the modified Surveillance Group will be affected? Should one create one's own Surveillance Groups to avoid this happening?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-11-2003 12:53 PM
06-11-2003 12:53 PM
Re: IDS/9000 Surveillance Schedule problems
See my answers below to your questions.
Please take note of the warning under "Modifying a Surveillance Group" in the admin guide:
"Do not modify any predefined group, distributed with IDS/9000. It cannot be saved. Copyit instead. See "Copying a Surveillance Group" on page 77 and "Predefined Surveillance
Schedules and Groups" on page 90."
Unfortunately, the GUI currently allows you to change the group in its memory representation of the schedule even though it can not save the changes to persistent storage. Also, the GUI does not complain about not being able to save the groups when saving your schedule copy. That is why you can change the predefined groups but will not realize your changes were not saved to disk and not see the changes the next time you restart the GUI. We have already filed an enhancement request.
A bit of background:
We chose to make the predefined schedules and groups read-only (by setting the underlying files that persistently store them with read-only permission) to force the user to make a copy of these schedules and groups and make their customizations of their copies. We made this decision because we wanted to be able to modify the precanned schedules and groups for a future release of the product (i.e, with perhaps better template default values or new template properties) and didn't want a customer to lose their customizations if they were allowed to modify the precanned schedules&groups and lose their changes when they upgraded.
>So if I copy a schedule >supplied with the product and >I modify one of the >Surveillance Groups within the >copy, all the schedules that >contain the modified >Surveillance Group will be >affected?
Yes. A schedule contains a *reference* to groups (i.e., group names), not instances of the group. So when you change a group, any schedule which references that group by name will get the changes.
>Should one create >one's own >Surveillance Groups >to avoid >this happening?
If you desire a schedule with groups which have the same templates as other groups but with different template properties and/or with a different time schedule, you need to create your own groups for that schedule. See Step 2 under the section "Creating a Surveillance Schedule" in the admin guide for when you should create your own groups.
Pierre
Please take note of the warning under "Modifying a Surveillance Group" in the admin guide:
"Do not modify any predefined group, distributed with IDS/9000. It cannot be saved. Copyit instead. See "Copying a Surveillance Group" on page 77 and "Predefined Surveillance
Schedules and Groups" on page 90."
Unfortunately, the GUI currently allows you to change the group in its memory representation of the schedule even though it can not save the changes to persistent storage. Also, the GUI does not complain about not being able to save the groups when saving your schedule copy. That is why you can change the predefined groups but will not realize your changes were not saved to disk and not see the changes the next time you restart the GUI. We have already filed an enhancement request.
A bit of background:
We chose to make the predefined schedules and groups read-only (by setting the underlying files that persistently store them with read-only permission) to force the user to make a copy of these schedules and groups and make their customizations of their copies. We made this decision because we wanted to be able to modify the precanned schedules and groups for a future release of the product (i.e, with perhaps better template default values or new template properties) and didn't want a customer to lose their customizations if they were allowed to modify the precanned schedules&groups and lose their changes when they upgraded.
>So if I copy a schedule >supplied with the product and >I modify one of the >Surveillance Groups within the >copy, all the schedules that >contain the modified >Surveillance Group will be >affected?
Yes. A schedule contains a *reference* to groups (i.e., group names), not instances of the group. So when you change a group, any schedule which references that group by name will get the changes.
>Should one create >one's own >Surveillance Groups >to avoid >this happening?
If you desire a schedule with groups which have the same templates as other groups but with different template properties and/or with a different time schedule, you need to create your own groups for that schedule. See Step 2 under the section "Creating a Surveillance Schedule" in the admin guide for when you should create your own groups.
Pierre
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
Company
Events and news
Customer resources
© Copyright 2025 Hewlett Packard Enterprise Development LP