Chapter 5 Events: Logs, Traffic Streams, Reports

require notification, but this difference only comes into play when network traffic matches or nearly matches these filters. Firewall rules with logging enabled also consume more memory.

TIP: To reduce memory and disk usage, use the LSM to make the following filter adjustments:

• Reduce the number of IPS filters that use alerts.
• Reduce usage of packet trace and e-mail notification on action sets.
• Increase aggregation periods for action sets that include alerts.
• Use more global filters and fewer filter overrides.
• Deactivate filters that do not apply to your network (for example: IIS filters are not relevant if you only have Apache servers).
• Reset logs from the System Summary page or use the CLI clear log command. The clear log command will clear all log entries from all log files. For record keeping, you may want to download existing log files before resetting a log, or configure a remote syslog server to offload the logs.
• Delete previously installed TOS version images from the System Update page.
• Reduce the number of Firewall rules with logging enabled.
• Reduce the inactivity timeout on Firewall rules. This allows the firewall to discard inactive sessions more quickly.

Module Health

The Module Health section of the Monitor page displays the current status of the modules that are inside the chassis of the device. The following information is provided.

Table 5–13: Module Health

Column: Module
Description: A brief description of the type of module. Possible values:
• Management Processor — The central processing and control system for the device.
• Threat Suppression Engine — The TSE (the IPS engine) provides full threat detection and suppression. Receives data from the Ethernet ports, performs deep packet inspection on the data, and permits or blocks the data based on configuration of Security Profiles and traffic threshold policy. When you click the link, it displays the IPS Preferences page. See “Configure Threat Suppression Engine (TSE)” on page 58.
• Ethernet Ports — The Ethernet ports on the X family device. When you click the link, it displays the Port Health page with detailed information on each port. See “Port Health” on page 120.

Column: Configuration
Description: A one-word description of the configuration of the module. Possible values:
• Simplex — A communications channel that can carry a signal in one direction
• Duplex — A communications channel that can carry signals in both directions

118   X Family LSM User’s Guide V 2.5.1