To reduce the number of events being logged, Server & Workload Protection can be configured to operate in one of several Advanced Logging Policy modes. These modes are set in the Computer or Policy editor on the area.
The following table lists the types of events that are ignored in four of the more
complex Advanced Logging Policy modes:
Mode
|
Ignored Events
|
Stateful and Normalization Suppression
|
Out Of Connection Invalid Flags Invalid Sequence Invalid ACK Unsolicited UDP
Unsolicited ICMP Out Of Allowed Policy Dropped Retransmit
|
Stateful, Normalization, and Frag Suppression
|
Out Of Connection Invalid Flags Invalid Sequence Invalid ACK Unsolicited UDP
Unsolicited ICMP Out Of Allowed Policy CE Flags Invalid IP Invalid IP Datagram
Length Fragmented Invalid Fragment Offset First Fragment Too Small Fragment Out
Of Bounds Fragment Offset Too Small IPv6 Packet Max Incoming Connections Max Outgoing
Connections Max SYN
Sent License Expired IP Version Unknown Invalid Packet Info Maximum ACK Retransmit
Packet on Closed Connection Dropped Retransmit
|
Stateful, Frag, and Verifier Suppression
|
Out Of Connection Invalid Flags Invalid Sequence Invalid ACK Unsolicited UDP
Unsolicited ICMP Out Of Allowed Policy CE Flags Invalid IP Invalid IP Datagram
Length Fragmented Invalid Fragment Offset First Fragment Too Small Fragment Out
Of Bounds Fragment Offset Too Small IPv6 Packet Max Incoming Connections Max Outgoing
Connections Max SYN
Sent License Expired IP Version Unknown Invalid Packet Info Invalid Data Offset
No IP Header Unreadable Ethernet Header Undefined Same Source and Destination IP
Invalid TCP Header Length Unreadable Protocol Header Unreadable IPv4 Header Unknown
IP Version Maximum ACK Retransmit Packet on Closed Connection Dropped Retransmit
|
Tap Mode
|
Out Of Connection Invalid Flags Invalid Sequence Invalid ACK Maximum ACK Retransmit
Packet on Closed Connection Dropped Retransmit
|