Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Frequency and interval of log aggregation events in Deep Security

    • Updated:
    • 26 Sep 2017
    • Product/Version:
    • Deep Security 10.0
    • Deep Security 10.1
    • Deep Security 9.5
    • Deep Security 9.6
    • Platform:
    • N/A N/A
Summary

It is necessary for some users to record all the Deep Packet Inspection (DPI) events so that they can manage them in the Deep Security Manager. However, the record of DPI events is summarized because of the aggregation events. Know the conditions that trigger the aggregation.

Details
Public

Event aggregation only occurs when both of the following conditions are met:

  • Intrusion Prevention (IPS) action is set to "Log".
  • A single packet has multiple matches.
 
Same IPS events will aggregate within 60 seconds.

Based on the conditions above, the event aggregation would not occur if the IPS action is "Reset". Even if the log aggregation occurs, the IPS event count still matches the actual packet count.

Premium
Internal
Rating:
Category:
Configure
Solution Id:
1118321
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.