For Network IPS appliances, use these tuning parameters to tune logging, dropped packets, statistics, the WAP policy, and other administrative features.
Navigating in the Network IPS Local Management Interface:
Navigating in the SiteProtector™ system: select the Tuning Parameters policy
Parameter | Type | Default Value | Description |
---|---|---|---|
crm.history.enabled | Boolean | True | Determines whether to log administrative history. |
crm.history.file | String | var/iss/crmhistory.log | Specifies the administrative history file name. |
crm.policy.numbackups | Number | 4 | Specifies the number of previous policy files to save. |
crm.quarantine.utc | Boolean | False | Instructs the appliance to display the expiration time for quarantine rules in a format that conforms with RFC 3339 when set to True. |
engine.droplog.fileprefix | String | var/iss/drop | Specifies the drop log file name prefix. |
engine.droplog.filesuffix | String | .enc | Specifies the drop log file name suffix. |
engine.droplog.flush | Boolean | False | Disables buffering of dropped packets. Important: Enabling this parameter adversely affects performance.
|
engine.droplog.maxfiles | Number | 10 | Specifies the number of drop log files to save. |
engine.droplog.maxkbytes | Number | 10000 kB | Specifies the maximum size of a drop log file. |
engine.log.file | String | var/iss/engine#.log | Specifies the engine log file name. |
engine.logevidence.file.timeout | Number | 15 (minutes) | Specifies how long evidence logging continues to capture packets when suspicious traffic stopped but the suspicious session remains open. Minimum value is 5 minutes and the maximum value is 30 minutes. |
engine.pam.logfile | String | var/iss/pam#.log | Specifies the PAM log file name. |
GX7000 series only engine.restart.count | String | 3 | Sets the protection ports on a GX7000 series appliance to bypass mode when the net engine process fails a set number of times in a set number of seconds. Use with engine.restart.interval. |
GX7000 series only engine.restart.interval | String | 18000 seconds | Sets the protection ports on a GX7000 series appliance to bypass mode when the net engine process fails a set number of times in a set number of seconds. Use with engine.restart.count. |
engine.statistics.interval | Number | 120 | Specifies the number of seconds between statistics gathering. |
np.log.droped | Boolean | False | Determines whether to log the details of dropped packets to a .csv formatted text file. |
np.log.events | Boolean | False | Determines whether to log the details of detected events to a .csv formatted text file. |
ppd.wap.override.disable | Boolean | True | Disables the WAP Override fix. Leave the WAP Override fix enabled (set to True) by default. |
sm.linklost.sev | String | Medium | Specifies the type of alert message that notifies
you in the Network IPS Local Management Interface (LMI) at The following notification types
are available for this option:
|
or in the SiteProtector system
at when there is a port disconnection
on one of the security interfaces.
spa.agentname.uptime | Boolean | False | Sets the uptime of the appliance to display in the SiteProtector system. |
sys.boot.sev | String | Medium | Determines the severity of the SiteProtector system alert that notifies you that the appliance restarted in the last 24 hours. |