Symantec 10521146 Administration Guide - Page 214
Setting Maximum Incidents, Setting Maximum Active Incident Life, Incident/Event Parameters
UPC - 037648268134
Page 214 highlights
214 Monitoring
Tuning incident parameters

2 In Symantec Network Security Configuration Parameters, click Incident/Event Parameters > Incident Idle Time.
3 Enter a value for the parameter, in minutes. By default, the value for this parameter is set to 10 minutes.
4 Click OK to save and exit.

Caution: You will lose any unsaved changes when you exit.

Setting Maximum Incidents

Maximum Incidents determines the maximum number of incidents allowed to be active at a given time. The default value is 50. Raise the value if you expect to see traffic streams with more than 50 attacks at the same time.

To configure this parameter

1 Click Configuration > Node > Network Security Parameters.
2 In Select Node, choose the node from the pull-down list, and click OK.
3 In the left pane, click Maximum Incidents.
4 In the lower right pane, enter the number of incidents.
5 Click Apply.
6 In Apply Changes To, select the node to which to apply the parameter.
7 Click OK to save the changes to this node and close.

Note: We recommend that this value be set between 10 and 100. Increasing this value can impact memory.

Setting Maximum Active Incident Life

Maximum Active Incident Life determines how long an incident remains active, before it is retired. This refreshes the aggregation statistics on a long-running incident, and prevents the incident definition from becoming diffuse. If an incident receives events after retirement, a new incident immediately forms so that no events are lost. The default value is 6 hours.

To configure this parameter

1 Click Configuration > Node > Network Security Parameters.
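
The retirement behavior described under Setting Maximum Active Incident Life can be checked with a small model before changing the value on a node. This is an added example, not Symantec code: the function name, the event format, the rule that life is measured from the incident's first event, and the rule that Incident Idle Time closes an incident after that many minutes without events are all assumptions. Maximum Incidents is not modeled, because the page does not say what happens when the limit is reached.

```python
from dataclasses import dataclass

MAX_ACTIVE_LIFE_MIN = 6 * 60  # page default: 6 hours
INCIDENT_IDLE_MIN = 10        # page default: 10 minutes


@dataclass
class Incident:
    key: str         # hypothetical correlation key (e.g. attack type + source)
    opened: int      # minute of the first event
    last_event: int  # minute of the most recent event
    events: int = 1


def correlate(events, max_life=MAX_ACTIVE_LIFE_MIN, idle=INCIDENT_IDLE_MIN):
    """Group (minute, key) events, sorted by minute, into incidents.

    Returns retired incidents followed by the ones still active.
    """
    active, retired = {}, []
    for minute, key in events:
        inc = active.get(key)
        if inc is not None:
            # Assumption: life is counted from the incident's first event.
            too_old = minute - inc.opened >= max_life
            # Assumption: idle time is the allowed gap between events.
            gone_idle = minute - inc.last_event > idle
            if too_old or gone_idle:
                retired.append(active.pop(key))
                inc = None
        if inc is None:
            # A new incident forms at once, so the event is not lost.
            active[key] = Incident(key, minute, minute)
        else:
            inc.last_event = minute
            inc.events += 1
    return retired + list(active.values())


# Constructed sample: one event every 5 minutes for 13 hours, same key.
SAMPLE_STREAM = [(m, "scan-A") for m in range(0, 781, 5)]

if __name__ == "__main__":
    for inc in correlate(SAMPLE_STREAM):
        print(inc)
```

Rerunning with a different max_life shows how many separate incidents one long-running stream produces and confirms that the event counts still add up to the full stream.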