More tuning parameters

Add tuning parameters from this table to the Tuning Parameters page to tune logging, dropped packets, statistics, and other administrative features.

Navigating in IPS Local Management Interface: Secure Protection Settings > Advanced IPS > Tuning Parameters

Navigating in SiteProtector™ Management: select the Tuning Parameters policy

Table 1. More tuning parameters
| Parameter | Type | Default Value | Description |
|---|---|---|---|
| crm.history.enabled | Boolean | True | Determines whether to log administrative history. |
| crm.history.file | String | var/iss/crmhistory.log | Specifies the administrative history file name. |
| crm.leef.enabled | Boolean | False | Sets the appliance to send IPS, SNORT, health alert, and system alert events to the system log in the Log Event Extended Format (LEEF) when set to True. Note: IPS events include events from the security events, connection events, user defined events, and OpenSignatures policies. |
| crm.leef.logsize | Number | 10 MB | Sets the size of the LEEF (Log Event Extended Format) system log the appliance sends to a security incident event manager (SIEM). You can configure the value from 1 MB to 100 MB. |
| crm.policy.numbackups | Number | 4 | Specifies the number of previous policy files to save. |
| crm.quarantine.utc | Boolean | False | Instructs the appliance to display the expiration time for quarantine rules in a format that conforms with RFC 3339 when set to True. |
| engine.droplog.fileprefix | String | var/iss/drop | Specifies the drop log file name prefix. |
| engine.droplog.filesuffix | String | .enc | Specifies the drop log file name suffix. |
| engine.droplog.flush | Boolean | False | Disables buffering of dropped packets. Important: Enabling this adversely affects performance. |
| engine.droplog.maxfiles | Number | 10 | Specifies the number of drop log files to save. |
| engine.droplog.maxkbytes | Number | 10000 kB | Specifies the maximum size of a drop log file. |
| engine.log.file | String | var/iss/engine#.log | Specifies the engine log file name. |
| engine.logevidence.file.timeout | Number | 15 (minutes) | Specifies how long evidence logging continues to capture packets when suspicious traffic has stopped but the suspicious session remains open. Minimum value is 5 minutes and the maximum value is 30 minutes. |
| engine.pam.logfile | String | var/iss/pam#.log | Specifies the PAM log file name. |
| engine.statistics.interval | Number | 120 | Specifies the number of seconds between statistics gathering. |
| np.log.droped | Boolean | False | Determines whether to log the details of dropped packets in a .csv formatted text file. |
| np.log.events | Boolean | False | Determines whether to log the details of detected events in a .csv formatted text file. |
| sys.boot.sev | String | Medium | Determines the severity of the SiteProtector alert that notifies you that the appliance restarted in the last 24 hours. |
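
One way to review a proposed set of tuning values against Table 1 before entering them on the Tuning Parameters page. This is an added example, not part of the product documentation. The types, defaults, and ranges are transcribed from the table; the dict input, the `review` function, and the sample values are assumptions made for illustration.

```python
SPEC = {  # transcribed from Table 1: name -> (type, default, min, max)
    "crm.history.enabled": (bool, True, None, None),
    "crm.history.file": (str, "var/iss/crmhistory.log", None, None),
    "crm.leef.enabled": (bool, False, None, None),
    "crm.leef.logsize": (int, 10, 1, 100),  # MB
    "crm.policy.numbackups": (int, 4, None, None),
    "crm.quarantine.utc": (bool, False, None, None),
    "engine.droplog.fileprefix": (str, "var/iss/drop", None, None),
    "engine.droplog.filesuffix": (str, ".enc", None, None),
    "engine.droplog.flush": (bool, False, None, None),
    "engine.droplog.maxfiles": (int, 10, None, None),
    "engine.droplog.maxkbytes": (int, 10000, None, None),  # kB
    "engine.log.file": (str, "var/iss/engine#.log", None, None),
    "engine.logevidence.file.timeout": (int, 15, 5, 30),  # minutes
    "engine.pam.logfile": (str, "var/iss/pam#.log", None, None),
    "engine.statistics.interval": (int, 120, None, None),  # seconds
    "np.log.droped": (bool, False, None, None),  # spelled as in Table 1
    "np.log.events": (bool, False, None, None),
    "sys.boot.sev": (str, "Medium", None, None),
}
NOTES = {  # caveats stated in the table, keyed by (name, value)
    ("crm.history.enabled", False): "administrative history is not logged",
    ("engine.droplog.flush", True): "adversely affects performance",
}

def review(proposed):
    """Return sorted (parameter, finding) pairs for a dict of proposed values."""
    findings = []
    for name, value in proposed.items():
        if name not in SPEC:
            findings.append((name, "not in Table 1"))
            continue
        typ, default, lo, hi = SPEC[name]
        if type(value) is not typ:  # exact match: True must not pass as a Number
            findings.append((name, f"expected {typ.__name__}"))
        elif lo is not None and not lo <= value <= hi:
            findings.append((name, f"{value} outside documented range {lo}-{hi}"))
        elif value != default:
            note = NOTES.get((name, value))
            findings.append((name, f"differs from default {default}" + (f": {note}" if note else "")))
    return sorted(findings)

# Constructed change request for illustration, not from a real appliance.
SAMPLE = {"crm.leef.enabled": True, "crm.leef.logsize": 250, "np.log.dropped": True,
          "engine.logevidence.file.timeout": 30, "engine.droplog.flush": True,
          "crm.history.enabled": False}
if __name__ == "__main__":
    for name, finding in review(SAMPLE):
        print(f"{name}: {finding}")
```

Values that match the table's defaults produce no finding, so the output lists only what a reviewer needs to look at.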