Setup

Do this procedure to add a script for custom variables correlation.

  1. Copy the Lua script to /data/scriptable_variables
  2. In the command-line interface (CLI), configure Guardian with this rule: conf.user configure vi scriptable-variable script <script_name> (<script_name> is the name of the file, including the extension)
  3. Execute service n2osids stop. The intrusion detection system (IDS) process will be restarted automatically.

After the IDS process has restarted, it is advised to check the corresponding log file (n2os_ids.log):

  • If the script was loaded successfully, the log contains an INFO line like the example below:
    
    INFO: ScriptableVariablesScript: Successfully loaded script (script.lua)
            
  • If the script loading has failed, one or more ERROR log lines should be present in the log file, providing details on what the problem was.

After the above steps, the new scriptable variables correlation script will be loaded in Guardian and will be offered all variable updates.
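
The log check described above can be scripted so that entries from earlier load attempts are not mistaken for the current result. This is an added example, not vendor code; it assumes the caller supplies the path to n2os_ids.log and that failure lines contain "ERROR:" in the same way the documented success line contains "INFO:". The function names log_mark, check_script_load and make_sample_log are hypothetical.

```shell
#!/bin/sh
# Added example, not vendor code. Assumptions: the caller supplies the path to
# n2os_ids.log, and failure lines contain "ERROR:" (mirroring "INFO:").
# Usage: mark=$(log_mark "$LOG"); service n2osids stop; <wait for restart>;
#        check_script_load "$LOG" script.lua "$mark"

# Print the current line count of the log (0 if it does not exist yet).
log_mark() {
    if [ -f "$1" ]; then wc -l < "$1" | tr -d ' '; else echo 0; fi
}

# check_script_load LOGFILE SCRIPT_NAME [MARK]
# Prints loaded / failed / unknown and returns 0 / 1 / 2.
check_script_load() {
    log=$1; script=$2; mark=${3:-0}
    if [ ! -r "$log" ]; then echo unknown; return 2; fi
    # A mark beyond the end of the file means the log was rotated: read it all.
    total=$(log_mark "$log")
    if [ "$mark" -gt "$total" ]; then mark=0; fi
    ok="INFO: ScriptableVariablesScript: Successfully loaded script ($script)"
    result=$(awk -v mark="$mark" -v ok="$ok" '
        NR <= mark    { next }       # written before this restart: stale
        index($0, ok) { loaded = 1 } # fixed-string match on the documented line
        /ERROR:/      { errors++ }   # assumed failure marker
        END {
            if (errors)      print "failed"
            else if (loaded) print "loaded"
            else             print "unknown"
        }' "$log")
    echo "$result"
    case $result in
        loaded) return 0 ;;
        failed) return 1 ;;
        *)      return 2 ;;
    esac
}

# Constructed sample log: an ERROR from an earlier attempt, then a success.
make_sample_log() {
    cat > "$1" <<'EOF'
ERROR: ScriptableVariablesScript: constructed failure text, earlier attempt
INFO: ScriptableVariablesScript: Successfully loaded script (script.lua)
EOF
}
```

Any ERROR line written after the mark yields "failed", including errors from other IDS components, so a "failed" result means the log needs to be read, not that the script is necessarily at fault.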