 |
» |
|
|
|
The Schedule Manager screen helps you create and configure HP-UX HIDS surveillance schedules, surveillance groups, and detection templates. Using this screen, you can: Add, rename, delete, and define surveillance schedules, including which surveillance groups make up a schedule. Add, rename, delete, and define surveillance groups, including which templates make up a group, the days and times the group will be active, and the values for the properties of the selected templates.
| | | |  | NOTE: A group’s timetable can be different in different schedules. A template’s property values can be different in different groups | | | | |
A surveillance schedule is what you activate on an agent host to monitor activities and report alerts. It includes the name of one or more surveillance groups. A surveillance group consists of one or more templates. A template consists of one or more properties. A property can have zero or more values. The templates and their properties are predefined. Surveillance schedules are saved in /etc/opt/ids/schedules/<schedname>.txt where schedname is the name of the schedule. If you rename a schedule, its file is renamed. If you save a schedule under a new name, the old file is renamed and the schedule is renamed. Saving a schedule ensures that it has been written to disk. Surveillance groups are saved in /etc/opt/ids/schedules/groups/<groupname>.txt where groupname is the name of the group. If you rename a group, its file is renamed. Schedules and groups are saved automatically when you first create them and every time you exit from the System Manager screen. For information about the format and structure of surveillance schedules and groups, see Appendix E. The Schedule Manager screen comprises of four major parts: The Configure tab, where you define surveillance schedules, groups, and template properties. For more information, see “Configuring Surveillance Schedules”, “Configuring Surveillance Groups”, and “Configuring Detection Templates”. The Timetable tab, where you specify when each surveillance group of a surveillance schedule will run. For more information, see “Setting Surveillance Schedule Timetables”. The Global Properties tab, where you can specify whether to aggregate specific program alerts or suppress duplicate alerts. To configure alert aggregation, see “Configuring Alert Aggregation”. To configure duplicate alert suppression, see “Configuring Duplicate Alert Suppression” The Details tab, which displays the source definition of a surveillance schedule. For more information, see “Viewing Surveillance Schedule Details”.
Creating a Surveillance Schedule | |
This section describes about how to create a surveillance schedule. To create a surveillance schedule, follow these steps: Create a surveillance schedule name. The schedule will contain one or more surveillance groups. For more information, see “Configuring Surveillance Schedules”. You must create a new schedule If a current schedule does not include the groups you want If the group or template properties need to be different If you need the same group and templates to run at different times
Create one or more groups, as needed. Each group will contain one or more detection templates. For more information, see “Configuring Surveillance Schedules”. You must create a new group If a current group does not include the templates you want If the template properties need to be different If you need the same templates to run at different times
In the new groups, choose which templates to use, revising the values of the properties as needed. A template can have different properties in different groups. For more information, see “Configuring Detection Templates”. Choose which groups to include in your schedule. For each group in your schedule, specify the days and times that it must run. For more information, see “Setting Surveillance Schedule Timetables”.
Opening the Schedule Manager Screen | |
This section describes about how to open the Schedule Manager screen: To open the Schedule Manager screen, follow the step given below: On the System Manager screen, perform one of the following steps: Choose the Edit > Schedule Manager menu option Double-click anywhere in the Schedules panel or on a schedule name
The Schedule Manager screen (Figure 5-1) is displayed with the Configure tab active.
Closing the Schedule Manager Screen | |
This section describes about how to close the Schedule Manager screen: To close the Schedule Manager screen, follow the step given below: On the Schedule Manager screen, perform one of the following steps: Choose the File > Close menu option
If you have modified but not saved the current schedules, the changes are retained in memory but not saved to disk. They are automatically saved when the System Manager exits.
|
Printable version
