Add tuning parameters from this table to the Tuning Parameters page to tune logging, dropped packets, statistics, and other administrative features.
Navigating in IPS Local Management Interface:
Navigating in SiteProtector™ Management: select the Tuning Parameters policy
Parameter | Type | Default Value | Description |
---|---|---|---|
crm.history.enabled | Boolean | True | Determines whether to log administrative history. |
crm.history.file | String | var/iss/crmhistory.log | Specifies the administrative history file name. |
crm.leef.enabled | Boolean | False | Sets the appliance to send IPS, SNORT, health alert, and system alert events to the system log in the Log Event Extended Format (LEEF) when set to True. Note: IPS events include events from the security events, connection events, user defined events, and OpenSignatures policies. |
crm.leef.logsize | Number | 10 MB | Sets the size of the LEEF (Log Event Extended Format) system log the appliance sends to a security incident event manager (SIEM). You can configure the value from 1 MB to 100 MB. |
crm.policy.numbackups | Number | 4 | Specifies the number of previous policy files to save. |
crm.quarantine.utc | Boolean | False | Instructs the appliance to display the expiration time for quarantine rules in a format that conforms with RFC 3339 when set to True. |
engine.droplog.fileprefix | String | var/iss/drop | Specifies the drop log file name prefix. |
engine.droplog.filesuffix | String | .enc | Specifies the drop log file name suffix. |
engine.droplog.flush | Boolean | False | Disables buffering of dropped packets. Important: Enabling this adversely affects performance. |
engine.droplog.maxfiles | Number | 10 | Specifies the number of drop log files to save. |
engine.droplog.maxkbytes | Number | 10000 kB | Specifies the maximum size of a drop log file. |
engine.log.file | String | var/iss/engine#.log | Specifies the engine log file name. |
engine.logevidence.file.timeout | Number | 15 (minutes) | Specifies how long evidence logging continues to capture packets when suspicious traffic has stopped but the suspicious session remains open. Minimum value is 5 minutes and the maximum value is 30 minutes. |
engine.pam.logfile | String | var/iss/pam#.log | Specifies the PAM log file name. |
engine.statistics.interval | Number | 120 | Specifies the number of seconds between statistics gathering. |
np.log.droped | Boolean | False | Determines whether to log the details of dropped packets in a .csv formatted text file. |
np.log.events | Boolean | False | Determines whether to log the details of detected events in a .csv formatted text file. |
sys.boot.sev | String | Medium | Determines the severity of the SiteProtector alert that notifies you that the appliance restarted in the last 24 hours. |