Table of Contents
Advertisement
214 Monitoring
Tuning incident parameters
Setting Maximum Incidents
Setting Maximum Active Incident Life
2
In Symantec Network Security Configuration Parameters, click
Incident/Event Parameters > Incident Idle Time.
3
Enter a value for the parameter, in minutes. By default, the value for this
parameter is set to 10 minutes.
4
Click OK to save and exit.
Caution: You will lose any unsaved changes when you exit.
Maximum Incidents determines the maximum number of incidents allowed to be
active at a given time.
The default value is 50. Raise the value if you expect to see traffic streams with
more than 50 attacks at the same time.
To configure this parameter
1
Click Configuration > Node > Network Security Parameters.
2
In Select Node, choose the node from the pull-down list, and click OK.
3
In the left pane, click Maximum Incidents.
4
In the lower right pane, enter the number of incidents.
5
Click Apply.
6
In Apply Changes To, select the node to which to apply the parameter.
7
Click OK to save the changes to this node and close.
Note: We recommend that this value be set between 10 and 100. Increasing this
value can impact memory.
Maximum Active Incident Life determines how long an incident remains active,
before it is retired. This refreshes the aggregation statistics on a long-running
incident, and prevents the incident definition from becoming diffuse. If an
incident receives events after retirement, a new incident immediately forms so
that no events are lost. The default value is 6 hours.
To configure this parameter
1
Click Configuration > Node > Network Security Parameters.
Advertisement
Table of Contents
