Configuring Surveillance Groups

Surveillance groups are the building blocks of surveillance schedules. They are made up of one or more detection templates. You can create, edit, modify. or delete surveillance groups. You can also choose to edit one of the predefined surveillance groups.




	NOTE: The `/etc/opt/ids/schedules/sample/groups` directory contains read-only copies of the predefined surveillance groups. Users who want to revert back to the original predefined surveillance groups can manually copy them from `/etc/opt/ids/schedules/sample/groups` into `/etc/opt/schedules/groups`.

Creating a New Surveillance Group

To create a new surveillance group, follow the steps:

On the Schedule Manager screen select the Configure tab.
Create a new name for the new surveillance group using the following steps:
1. Click the New button on the Surveillance Groups panel. This opens the New Surveillance Group dialog box (Figure 5-5).
  Figure 5-5 New Surveillance Group Dialog
2. Enter a name in the input field. Valid characters are alphanumeric and underscore; the first character must be alphanumeric. Surveillance group names are case-sensitive. If you include invalid characters, you will be prompted to have them replaced with underscores.
3. Click OK to accept and Cancel to exit the dialog box.
A new group is initialized with no templates selected. All template properties have their default values.
To set up the new group, use the steps in “Modifying a Surveillance Group”.

Copying a Surveillance Group

If an existing surveillance group is similar to what you want, you can copy the group and rename it, or directly edit the existing group. For example, if you wanted a group to run from 9 a.m. to 5 p.m. Monday through Friday . On Saturday and Sunday the group must run for 24 hours. To set this schedule for Saturday and Sunday copy the Monday-Friday group and set a different timetable in the Saturday-Sunday group.

To copy a surveillance group, follow the steps:

On the Schedule Manager screen select the Configure tab.
Select the group you want to copy in the Surveillance Groups panel.
Create a name for the new surveillance group.
1. Click the Copy button on the Surveillance Groups panel. This opens the Copy Surveillance Group dialog box (Figure 5-6).
  Figure 5-6 Copy Surveillance Group Dialog
2. Enter a name in the input field. Valid characters are alphanumeric and underscore; the first character must be alphanumeric. Schedule group names are case-sensitive. If you include invalid characters, you will be prompted to replace them with underscores.
3. Click OK to accept and Cancel to quit the dialog box.
The new group’s templates and values are identical to the old group’s.
To revise the new group, follow the procedure provided in the “Modifying a Surveillance Group”.

Modifying a Surveillance Group

To modify a surveillance group, follow the steps:

On the Schedule Manager screen select the Configure tab.
Select the group to be modified in the Surveillance Groups panel.
In the Select column of the Templates panel, click the check boxes to mark the templates you want to include in the group. You can also use the Select All and Clear All buttons to mark all or none of the templates.
Using the Templates and Properties panels, edit the property values. For more information, see “Configuring Detection Templates”.




	NOTE: You cannot modify, rename, or delete a surveillance group if it is in a schedule that is currently scheduled or running on an agent host. For more information, see Chapter 4: “Using the System Manager Screen”.

Renaming a Surveillance Group

This section provides steps to rename a Surveillance Group.

To rename a surveillance group, follow the steps:

On the Schedule Manager screen select the Configure tab.
Select the group in the Surveillance Groups panel.
Click the Rename button in the Surveillance Groups panel to open the Rename Surveillance Group dialog box (Figure 5-7).
Figure 5-7 Rename Surveillance Group Dialog
Edit the name in the input field. Valid characters are alphanumeric and underscore. The first character must be alphanumeric. Group names are case-sensitive. If you include invalid characters, you will be prompted to replace them with underscores.
Click OK to change the name and Cancel to leave the name unchanged.

Deleting a Surveillance Group

This section provides steps to delete a Surveillance Group.




	NOTE: You cannot delete any predefined group, distributed with HP-UX HIDS. See “Predefined Surveillance Schedules and Groups”.

To delete a surveillance group, follow the steps:

On the Schedule Manager screen select Configure tab.
Select the group in the Surveillance Groups panel.
Click the Delete button in the Surveillance Groups panel. This displays the Confirm Deletion dialog box.
Click Yes to delete the group. Click No to retain the group.

Undoing and Redoing Changes

You can roll back and forth for the changes that you have made by using the Undo and Redo buttons. For more information, see “Undoing and Redoing Changes”.

Saving a Surveillance Group

The newly created Surveillance Group is automatically saved when you save any schedule (“Saving a Surveillance Schedule”) and every time you exit from the System Manager screen.