More tuning parameters

For Network IPS appliances, use these tuning parameters to tune logging, dropped packets, statistics, the WAP policy, and other administrative features.

Navigating in the Network IPS Local Management Interface: Secure Protection Settings > Advanced IPS > Tuning Parameters

Navigating in the SiteProtector™ system: select the Tuning Parameters policy

Table 1. More tuning parameters
| Parameter | Type | Default Value | Description |
|---|---|---|---|
| crm.history.enabled | Boolean | True | Determines whether to log administrative history. |
| crm.history.file | String | var/iss/crmhistory.log | Specifies the administrative history file name. |
| crm.policy.numbackups | Number | 4 | Specifies the number of previous policy files to save. |
| crm.quarantine.utc | Boolean | False | When set to True, instructs the appliance to display the expiration time for quarantine rules in a format that conforms with RFC 3339. |
| engine.droplog.fileprefix | String | var/iss/drop | Specifies the drop log file name prefix. |
| engine.droplog.filesuffix | String | .enc | Specifies the drop log file name suffix. |
| engine.droplog.flush | Boolean | False | Disables buffering of dropped packets. Important: Enabling this parameter adversely affects performance. |
| engine.droplog.maxfiles | Number | 10 | Specifies the number of drop log files to save. |
| engine.droplog.maxkbytes | Number | 10000 kB | Specifies the maximum size of a drop log file. |
| engine.log.file | String | var/iss/engine#.log | Specifies the engine log file name. |
| engine.logevidence.file.timeout | Number | 15 (minutes) | Specifies how long evidence logging continues to capture packets when suspicious traffic has stopped but the suspicious session remains open. Minimum value is 5 minutes and the maximum value is 30 minutes. |
| engine.pam.logfile | String | var/iss/pam#.log | Specifies the PAM log file name. |
| engine.restart.count (GX7000 series only) | String | 3 | Sets the protection ports on a GX7000 series appliance to bypass mode when the net engine process fails a set number of times in a set number of seconds. Use with engine.restart.interval. |
| engine.restart.interval (GX7000 series only) | String | 18000 seconds | Sets the protection ports on a GX7000 series appliance to bypass mode when the net engine process fails a set number of times in a set number of seconds. Use with engine.restart.count. |
| engine.statistics.interval | Number | 120 | Specifies the number of seconds between statistics gathering. |
| np.log.droped | Boolean | False | Determines whether to log the details of dropped packets to a .csv formatted text file. |
| np.log.events | Boolean | False | Determines whether to log the details of detected events to a .csv formatted text file. |
| ppd.wap.override.disable | Boolean | True | Disables the WAP Override fix. Leave the WAP Override fix enabled (set to True) by default. |
| sm.linklost.sev | String | Medium | Specifies the type of alert message that notifies you in the Network IPS Local Management Interface (LMI) at Appliance Dashboard > Network Health or in the SiteProtector system at Agent view > Health Summary when there is a port disconnection on one of the security interfaces. The following notification types are available for this option: Low: Does not display a notification. Medium: Displays a warning that there is a port disconnection on one of the security interfaces. This notification type is the default option. High: In the Network IPS LMI, displays an alert that there is a port disconnection on one of the security interfaces; in the SiteProtector system, displays the agent status as unhealthy. |
| spa.agentname.uptime | Boolean | False | Sets the uptime of the appliance to display in the SiteProtector system. |
| sys.boot.sev | String | Medium | Determines the severity of the SiteProtector system alert that notifies you that the appliance restarted in the last 24 hours. |
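
An added example (not IBM's code and not part of the original page): a Python check that compares a parameter dump against a subset of Table 1, flagging invalid types, the 5 to 30 minute range for engine.logevidence.file.timeout, values whose effect the table states, and other departures from the documented defaults. The `name = value` input format, the `audit` function, and the sample values are assumptions constructed for illustration.

```python
# Table 1 rows covered by this check: name -> (type, documented default)
SPEC = {
    "crm.history.enabled": ("Boolean", "True"),
    "engine.droplog.flush": ("Boolean", "False"),
    "engine.droplog.maxfiles": ("Number", "10"),
    "engine.logevidence.file.timeout": ("Number", "15"),
    "engine.statistics.interval": ("Number", "120"),
    "sm.linklost.sev": ("String", "Medium"),
}
# Non-default values whose consequence Table 1 states explicitly
NOTES = {
    ("crm.history.enabled", "False"): "administrative history is not logged",
    ("engine.droplog.flush", "True"): "adversely affects performance",
    ("sm.linklost.sev", "Low"): "no notification on port disconnection",
}
TIMEOUT = ("engine.logevidence.file.timeout", 5, 30)  # documented min/max, minutes

def audit(text):
    """Return (parameter, finding) tuples for a 'name = value' dump (assumed format)."""
    findings = []
    for raw in text.splitlines():
        name, sep, value = (p.strip() for p in raw.partition("="))
        if not sep or name not in SPEC:
            continue  # blank, comment, malformed, or not covered by SPEC
        kind, default = SPEC[name]
        if kind == "Boolean" and value not in ("True", "False"):
            findings.append((name, f"invalid Boolean {value!r}"))
        elif kind == "Number" and not value.isdigit():
            findings.append((name, f"invalid Number {value!r}"))
        elif name == TIMEOUT[0] and not TIMEOUT[1] <= int(value) <= TIMEOUT[2]:
            findings.append((name, f"{value} outside 5-30 minutes"))
        elif (name, value) in NOTES:
            findings.append((name, NOTES[(name, value)]))
        elif value != default:
            findings.append((name, f"differs from default {default}"))
    return findings

SAMPLE = """\
# constructed sample, not real appliance output
crm.history.enabled = False
engine.droplog.flush = True
engine.logevidence.file.timeout = 45
engine.statistics.interval = 60
sm.linklost.sev = Low
"""

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```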