
How do I set the aggregation settings globally on the SMS?

    • Updated: 22 Jan 2018
    • Product/Version: TippingPoint SMS All; TippingPoint Virtual SMS
Summary
Because a single packet can trigger an alert, attacks featuring large numbers of packets could potentially flood the alert mechanism. Alert aggregation prevents this flooding by delivering alert notifications at intervals. For example, if you set the aggregation period to five minutes, you receive an email at the first trigger of a filter; subsequent alerts are then collected and sent every five minutes.


Note: Alert notification is controlled by the aggregation period that you configured during the initial Email or SNMP Notification setup. The aggregation period is the amount of time that the device will accrue alerts before it sends a notification. The first time a particular filter is triggered, a notification is sent to the alert contact target. At the same time, the aggregation timer starts ticking down the aggregation period. During the aggregation period, further packet triggers are counted, but no notification is sent. At the end of the aggregation period, a second notification, including the packet count, is sent. The timer and the counter are reset, and will continue to cycle as long as the filter in question is active.

CAUTION: Short aggregation periods can significantly affect system performance. The shorter the aggregation period, the higher the system load. In the event of a flood attack, a short aggregation period can lead to system performance problems.
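
The cycle described in the Note, modelled for one filter so the effect of the period on notification volume can be checked before changing the setting. This is an added example, not TippingPoint code; `simulate`, `Notification` and the sample trigger times are constructed for illustration, and treating a window with no triggers as the end of the cycle is an assumption.

```python
from collections import namedtuple

# kind is "first" (immediate notification) or "aggregate" (end-of-period count)
Notification = namedtuple("Notification", "time_s kind count")

def simulate(trigger_times_s, period_min):
    """Return the notifications one filter produces for the given trigger times (seconds)."""
    if period_min <= 0:
        raise ValueError("this model covers aggregation periods greater than 0 only")
    period = period_min * 60
    sent = []
    window_end = None  # None: filter idle, the next trigger counts as a first trigger
    count = 0
    for t in sorted(trigger_times_s):
        # Close every aggregation window that expired before this trigger.
        while window_end is not None and t >= window_end:
            if count == 0:
                window_end = None  # assumption: an empty window ends the cycle
            else:
                sent.append(Notification(window_end, "aggregate", count))
                count = 0          # counter reset
                window_end += period  # timer reset, cycle continues
        if window_end is None:
            sent.append(Notification(t, "first", 1))  # first trigger notifies at once
            window_end = t + period
        else:
            count += 1  # counted, no notification during the period
    if window_end is not None and count:
        sent.append(Notification(window_end, "aggregate", count))
    return sent

if __name__ == "__main__":
    flood = range(600)  # constructed sample: one trigger per second for 10 minutes
    for minutes in (1, 5):
        notes = simulate(flood, minutes)
        print(f"{minutes}-minute period: {len(notes)} notifications for {len(flood)} triggers")
```
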

Details

Procedure:

  1. Log in to the SMS from a client.
  2. From the top navigation pane, click Profiles. The Profiles screen displays.
  3. From the navigation pane on the left, click the + sign next to the IPS Profiles to expand the category and select Shared Settings.
  4. Select the Notification Contacts tab.
  5. For the Management Console Aggregation, enter a number of minutes from 0 to 10,800.
  6. For the Device Remote Syslog Aggregation, enter a number of minutes from 0 to 10,800.
  7. Click Save.

 

 

Reference: SMS User Guide

Category: Configure; Troubleshoot; Deploy
Solution Id: TP000100161