Aurora Group Logo



IDSWatch™ FAQ



  1. What webservers can be used with IDSWatch™?
  2. What software must be installed?
  3. Can IDSWatch™ be used on a system separate from the IDS system?
  4. How much load does IDSWatch™ put on my IDS system?
  5. What security is available to limit access to IDSWatch™?
  6. Is it possible to mask displayed IP addresses?
  7. Is IDSWatch™ compatible with IPv6?
  8. What are the license terms?
  9. Is support available?
  10. If my support contract lapses, can I get an upgraded version of IDSWatch™?
  11. I need to run IDSWatch™ on multiple IDS systems.  Is a multiple system discount available?
  12. Can I monitor multiple IDS systems with IDSWatch™?
  13. Can I move IDSWatch™ to a different host?
  14. What systems can run IDSWatch™?
  15. Where is the configuration file documentation located?
  16. Where is the configuration file located?

What webservers can be used with IDSWatch™?
Any web server that supports CGI scripts may be used with IDSWatch™.  We recommend Mongoose, but Apache is also supported.

What software must be installed?
IDSWatch™ requires Tcl 8.5 to be installed on the system.  All other required software is contained in the installation.

Can IDSWatch™ be used on a system separate from the IDS system?
Yes, IDSWatch™ can communicate with the IDS database over a network.  Performance may be affected somewhat, however, depending on network latency.  In addition, the database traffic will be included in the IDS scans if it traverses a monitored network segment.  For best performance, we recommend installing IDSWatch™ on the IDS system.

How much load does IDSWatch™ put on my IDS system?
A typical IDSWatch™ page takes a fraction of a second of CPU time to build.  If the summary page is updated once a minute, average CPU load will increase by approximately 1% when IDSWatch™ is used.  Results will vary based on the capability of your installed hardware and the particular web server employed.

What security is available to limit access to IDSWatch™?
IDSWatch™ relies on your web server's access control mechanism to limit access to authorized users.

Is it possible to mask displayed IP addresses?
Yes.  In the configuration file, add the directive
   obfuscateips: y
then add one or more maskip directives, for example
   maskip: 10.24  192.168
This directive displays all IP addresses starting with 10.24 as starting with 192.168.  Masking affects only the output display and takes effect on the next screen refresh.
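
An added illustration of the masking behaviour described above, not IDSWatch™ code: it parses the two directives and rewrites IPv4 addresses for display only. It assumes one prefix pair per maskip line, prefixes of equal length, and matching on whole octets; the function names and the second sample rule are constructed.

```python
import ipaddress

# Constructed sample of the two directives described above (not a shipped config).
SAMPLE_CONF = """\
obfuscateips: y
maskip: 10.24  192.168
maskip: 172.16.5  198.51.100
"""

def parse_mask_rules(conf_text):
    """Return (enabled, [(from_octets, to_octets), ...]) from config text."""
    enabled, rules = False, []
    for raw in conf_text.splitlines():
        if ":" not in raw:
            continue
        key, value = (part.strip() for part in raw.split(":", 1))
        if key == "obfuscateips":
            enabled = value.lower() == "y"
        elif key == "maskip":
            parts = value.split()
            if len(parts) != 2:
                raise ValueError(f"maskip needs two prefixes: {raw!r}")
            src, dst = (p.split(".") for p in parts)
            # Assumption: both prefixes cover the same number of octets,
            # so the rewritten address still has four octets.
            if len(src) != len(dst):
                raise ValueError(f"prefix lengths differ: {raw!r}")
            rules.append((src, dst))
    return enabled, rules

def mask_ip(addr, enabled, rules):
    """Return the display form of an IPv4 address; stored data is untouched."""
    if not enabled:
        return addr
    # Validates the input and normalises it to dotted-quad form.
    octets = str(ipaddress.IPv4Address(addr)).split(".")
    for src, dst in rules:
        # Compare whole octets so 10.24 does not also match 10.240.x.x.
        if octets[:len(src)] == src:
            return ".".join(dst + octets[len(src):])
    return addr
```

Because the rewrite happens only at display time, the addresses stored in the IDS database remain the real ones.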

Is IDSWatch™ compatible with IPv6?
Currently, IP address display is limited to IPv4 addresses.  IPv6 support is in progress.

What are the license terms?
IDSWatch™ is licensed to run on a single system.  There is no limitation on the number of users that may access it.  The IDSWatch™ program employs a license key to determine valid execution times. The standard period is 1 year; customers may purchase longer terms.

Is support available?
Initial IDSWatch™ customers receive one year of support which includes email and installation support, problem resolution and upgrades.  After the first year, support continues as long as a current software license is maintained.

If my license lapses, can I get an upgraded version of IDSWatch™?
Upgrades are only available to customers with current licenses.  If your license lapses, you must purchase an initial license.

What is the release schedule?
We currently have a 6-month release schedule.

I need to run IDSWatch™ on multiple IDS systems.  Is a multiple system discount available?
Yes, multiple system discounts are available.  Contact us for details.

Can I monitor multiple IDS systems with IDSWatch™?
If multiple IDS systems feed their alert information into a single database, IDSWatch™ may be used to track alerts. If multiple databases are in use, multiple instances of IDSWatch™ must be used.

Can I move IDSWatch™ to a different host?
Yes, as long as the host is within your domain.

What systems can run IDSWatch™?
Currently, most 32- and 64-bit Intel Linux and Solaris systems are supported.  Contact us for ports to other architectures.

Where is the configuration file documentation located?
All configuration items are documented in the sample configuration file included with the product.

Where is the configuration file located?
The configuration file is located at /usr/local/etc/idswatch.conf