
Re: questions on using IDS

 
shacharg
New Member

questions on using IDS

Hello,

I have IDS/9000 v2 on an HPUX11.0 server.
I receive many alerts "Filesystem change detected" for activities made on files:
"/etc/syslog.conf.[0-9]+" (for example /etc/syslog.conf.6757). I tried regular expression with *, <*> to exclude it but it doesn't work.

Is there any way to exclude these files?

Thanks,
Alex
3 REPLIES
Clemens van Everdingen
Honored Contributor

Re: questions on using IDS

Steve Steel
Honored Contributor

Re: questions on using IDS

 
If you want truly to understand something, try to change it. (Kurt Lewin)
Pierre Pasturel
Respected Contributor

Re: questions on using IDS

Use "/etc/syslog.conf." in the "Ignore these directories" in the Modification of files/directories template.
This string will match /etc/syslog.conf.1212 but also /etc/syslog.conf.otherstuff.

If you refer to the regular expression section in the appendix of the admin guide, /etc/syslog.conf.<#>$ is what you really want, but unfortunately this does not work.

BTW, you can only specify regular expressions for the "directory property;" the "file" properties are only used for exact string matches.

Pierre
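
An added example (not part of the thread and not IDS/9000 code) comparing the prefix entry from the reply above with the numeric-suffix rule it approximates, to show which paths the prefix also silences. The sample paths are constructed, and the prefix behaviour is an assumption taken from the reply's description.

```python
import re

# Ignore entry from the reply, modelled as a plain prefix match (assumption).
IGNORE_PREFIX = "/etc/syslog.conf."
# Intended rule: the suffix must be digits only. fullmatch() anchors both ends,
# so "6757.bak" or a trailing newline cannot slip through.
NUMERIC_SUFFIX = re.compile(r"/etc/syslog\.conf\.[0-9]+")


def prefix_ignored(path):
    """True if the prefix entry would suppress an alert for this path."""
    return path.startswith(IGNORE_PREFIX)


def intended_ignored(path):
    """True only for the numeric temp files the question wants excluded."""
    return NUMERIC_SUFFIX.fullmatch(path) is not None


def blind_spot(paths):
    """Paths silenced by the prefix entry that are not numeric temp files."""
    return [p for p in paths if prefix_ignored(p) and not intended_ignored(p)]


def triage(paths):
    """Split alert paths into (suppress, keep) using the intended rule."""
    suppress = [p for p in paths if intended_ignored(p)]
    keep = [p for p in paths if not intended_ignored(p)]
    return suppress, keep


# Constructed sample of paths that could appear in change alerts.
SAMPLE = [
    "/etc/syslog.conf",
    "/etc/syslog.conf.6757",
    "/etc/syslog.conf.1212",
    "/etc/syslog.conf.otherstuff",
    "/etc/syslog.conf.6757.bak",
    "/etc/syslog.conf.",
    "/etc/passwd",
]

if __name__ == "__main__":
    print("silenced by prefix but not intended:", blind_spot(SAMPLE))
    suppress, keep = triage(SAMPLE)
    print("suppress:", suppress)
    print("keep:", keep)
```

Running `triage` over alert paths outside the IDS keeps the template untouched, so changes to files such as /etc/syslog.conf.otherstuff still raise an alert.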