Use the Tuning Parameters page to view the default parameters for the Network IPS appliance.
Navigating in the IPS Local Management Interface:
Navigating in SiteProtector™ Management: select theTuning Parameters policy
These tuning parameters are listed on the Tuning Parameters page of the appliance and are also listed in this topic.Parameter | Type | Default Value | Description |
---|---|---|---|
sensor.trace.level | Number | 3 | Specifies the appliance log level. |
engine.droplog.enabled | Boolean | False | Determines whether logging of dropped packets is enabled. |
engine.adapter.low-water.default | Number | 1 | Specifies the minimum number of packets per traffic sampling interval which are expected to flow on each adapter. |
engine.adapter.high-water.default | Number | 5 | Specifies the number of packets per traffic
sampling interval which are expected to flow on each adapter. Note: The
high-water mark is used to prevent multiple low traffic warnings from
being issued when the traffic is hovering around the low-water mark.
|
pam.traffic.sample | Boolean | True | Enables traffic sampling for detecting abnormal
levels of network activity. Note: This parameter affects the Network_Quiet and Network_Normal audit
events.
|
pam.traffic.sample.interval | Number | 300 | Specifies the interval, expressed in seconds, at which traffic flow is sampled to detect abnormal levels of network activity. |
np.statistics | State | on | Determines whether logging of PAM statistics is enabled. |
np.statistics.file.pam | String | /var/iss/pamstats.dat | Specifies the PAM statistics file name. |
np.statistics.file.npm | String | /var/iss/npmstats.dat | Specifies the protection statistics file name. |
np.log.quarantine.added | State | on | Logs the details of rules that are added to the quarantine table. |
np.log.quarantine.removed | State | on | Logs the details of rules that are removed from the quarantine table before they expired. |
np.log.quarantine.expired | State | on | Logs the details of rules that have expired from quarantine table. |
np.firewall.log | State | on | Determines whether to log the details of packets that match firewall rules that are enabled. |
np.firewall.log.size | Number | 100 | Specifies the maximum size of the firewall log
file in megabytes. Note: This option accepts integers only. It does
not accept decimals.
|
np.firewall.log.count | Number | 10 | Specifies the maximum number of firewall log files. |
np.log.size | Number | 100 | Specifies the maximum size of each events or dropped packets in megabytes. |
np.log.count | Number | 10 | Specifies the maximum number of event log files or dropped packet log files. |
np.drop.invalid.checksum | Boolean | True | Determines whether to block packets with checksum errors in inline protection mode. |
np.drop.invalid.protocol | Boolean | True | Determines whether to block packets that violate protocol in inline protection mode. |
np.drop.rogue.tcp.packets | Boolean | False | Determines whether to block packets that are not part of a known TCP connection in inline protection mode. |
np.drop.resource.error | Boolean | False | Determines whether to block packets if there are insufficient resources to inspect them in inline protection mode. |