Symantec 10521146 Administration Guide - Page 173
Saturation Counter Lapse Time, Maximum Time to Streak Analysis, Slow Scan Maximum IP Addresses Limit
UPC - 037648268134
View all Symantec 10521146 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 173 highlights
Detecting 173 Configuring sensor detection Saturation Counter Lapse Time Saturation Counter Lapse Time regulates the time period to collect packets. The sensor must detect 2,048 packets in the time period set by this parameter and send them to analysis. If traffic moves slower than that, it skips analysis. If traffic exceeds the threshold, then it proceeds to analysis. The default is set to 5 seconds for optimum performance and sensitivity, and does not need to be changed under most circumstances. Valid values range from 0 to 3,600 (1 hour), inclusive. Consider changing it only for troubleshooting purposes, and with thorough knowledge of its functionality. If this parameter is set to lapse too often, such as 1 second, it decreases sensitivity to threshold alerts. It does not directly affect performance, and since it guards low-level threshold, fast traffic remains unaffected. Maximum Time to Streak Analysis Maximum Time to Streak Analysis regulates a periodic analysis, regardless of the number of packets detected, even if the sensor detects very little activity. In this way, it prevents the streak analysis functionality from being too quiet. The default is set to 10 for optimum performance and sensitivity, and does not need to be changed under most circumstances. Valid values range from 0 to 3600, inclusive. Consider changing it only for troubleshooting purposes, and with thorough knowledge of its functionality. Slow Scan Maximum IP Addresses Limit Slow Scan Maximum IP Addresses Limit regulates the number of IP addresses that the sensor monitors for slow scans. This pertains exclusively to port scans, not port sweeps. The default is set to 65,536 for optimum performance and sensitivity, and does not need to be changed under most circumstances. Valid values range from 1 to 1,000,000, inclusive. Consider changing it only for troubleshooting purposes, and with thorough knowledge of its functionality. Changes to this parameter can affect memory consumption. Note: Restart the sensor for changes to this parameter to take effect. Table element parameters The following parameters regulate the size of fragment tables of various types, which directly impacts memory consumption.