User guide
Chapter 11: Configuring Local Tuning Parameters
130
engine.adapter.low-water.default number 1 The minimum number of
packets per traffic sampling
interval that are expected to
flow on each adapter. The low-
water mark is used as the
threshold to issue
Network_Quiet and
Network_Normal audit events.
engine.droplog.enabled boolean false Determines whether logging of
dropped packets is enabled.
engine.droplog.fileprefix string /var/iss/drop The drop log file name prefix.
engine.droplog.filesuffix string .enc The drop log file name suffix.
engine.droplog.flush boolean false Disables buffering of dropped
packets. Enabling this adversely
affects performance.
engine.droplog.maxfiles number 10 The number of drop log files to
save.
engine.droplog.maxkbytes number 10000 (kb) The maximum size of a drop log
file.
engine.evidencelog.fileprefix string /var/iss/
evidence
The evidence file name prefix.
engine.evidencelog.filesufffix string .enc The evidence file name suffix.
engine.evidencelog.maxfiles number 10 The number of evidence files to
save.
engine.evidencelog.maxkbytes number 10000 (kb) The maximum size of an
evidence file.
engine.log.file string /var/iss/
engine#.log
The engine log file name.
engine.pam.logfile string /var/iss/
pam#.log
The PAM log file name.
engine.statistics.interval number 120 The number of seconds
between statistics gathering.
np.drop.invalid.checksum string true Determines whether to block
packets with checksum errors in
inline protection mode.
np.drop.invalid.protocol string true Determines whether to block
packets that violate protocol in
inline protection mode.
np.drop.resource.error string false Determines whether to block
packets if there are insufficient
resources to inspect them in
inline protection mode.
Name Type Default Value Description
Table 37: Common advanced tuning parameters (Continued)