Default tuning parameters

View these default tuning parameters on the Tuning Parameters page.

Navigating in IPS Local Management Interface: Secure Protection Settings > Advanced IPS > Tuning Parameters

Navigating in SiteProtector™ Management: select theTuning Parameters policy

These tuning parameters are listed on the Tuning Parameters page of the appliance and are also listed in this topic.
Important: Do not delete any default tuning parameters without advisement from Technical Support.
Table 1. Default tuning parameters
Parameter Type Default Value Description
sensor.trace.level Number 3 Specifies the appliance log level.
engine.droplog.enabled Boolean False Determines whether logging of dropped packets is enabled.
engine.adapter.low-water.default Number 1 Specifies the minimum number of packets per traffic sampling interval which are expected to flow on each adapter.
engine.adapter.high-water.default Number 5 Specifies the number of packets per traffic sampling interval which are expected to flow on each adapter.
Note: The high-water mark is used to prevent multiple low traffic warnings from being issued when the traffic is hovering around the low-water mark.
pam.traffic.sample Boolean True Enables traffic sampling for detecting abnormal levels of network activity.
Note: This parameter affects the Network_Quiet and Network_Normal audit events.
pam.traffic.sample.interval Number 300 Specifies the interval, expressed in seconds, at which traffic flow is sampled to detect abnormal levels of network activity.
np.statistics State On Determines whether logging of PAM statistics is enabled.
np.statistics.file.pam String /var/iss/pamstats.dat Specifies the PAM statistics file name.
np.statistics.file.npm String /var/iss/npmstats.dat Specifies the protection statistics file name.
np.log.quarantine.added State On Logs the details of rules that are added to the quarantine table.
np.log.quarantine.removed State On Logs the details of rules that are removed from the quarantine table before they expired.
np.log.quarantine.expired State On Logs the details of rules that have expired from quarantine table.
np.firewall.log State On Determines whether to log the details of packets that match firewall rules that are enabled.
np.firewall.log.size Number 100 Specifies the maximum size of the firewall log file in megabytes.
Note: This option accepts integers only. It does not accept decimals.
np.firewall.log.count Number 10 Specifies the maximum number of firewall log files.
np.log.size Number 100 Specifies the maximum size of each events or dropped packets in megabytes.
np.log.count Number 10 Specifies the maximum number of event log files or dropped packet log files.
np.drop.invalid.checksum Boolean True Determines whether to block packets with checksum errors in inline protection mode.
np.drop.invalid.protocol Boolean True Determines whether to block packets that violate protocol in inline protection mode.
np.drop.rogue.tcp.packets Boolean False Determines whether to block packets that are not part of a known TCP connection in inline protection mode.
np.drop.resource.error Boolean Fales Determines whether to block packets if there are insufficient resources to inspect them in inline protection mode.