Configuring the Console Settings
Step 3 Click the Console icon
Step 4 Enter values for the parameters:
Table 5-14 Global System Notifications Parameters (continued)
Parameter Description
Dropped transmit packets
Type the threshold number of transmitted packets that are dropped per second due to a lack of space in the buffers. The default setting is 1.
Transmit carrier errors
Type the threshold number of carrier errors that occur per second while transmitting packets. The default setting is 1.
Receive frame errors
Type the threshold number of frame alignment errors that occur per second on received packets. The default setting is 1.
Receive fifo overruns
Type the threshold number of First In First Out (FIFO) overrun errors that occur per second on received packets. The default setting is 1.
Transmit fifo overruns
Type the threshold number of First In First Out (FIFO) overrun errors that occur per second on transmitted packets. The default setting is 1.
Table 5-15 STRM Log Manager Console Management Parameters
Parameter Description
Console Settings
Results Per Page
Type the maximum number of results you want to display on the STRM Log Manager user interface. This parameter applies to the Log Activity and Reports tabs. For example, if the Default Page Size parameter is configured to 50, the Log Activity tab displays a maximum of 50 events.
The default setting is 40. The minimum is 0 and the maximum is 4294967294.
Authentication Settings
Persistent Session Timeout (in days)
Type the length of time, in days, that a user system will be persisted. The default setting is 0, which disables this feature. The minimum is 0 and the maximum is 4294967294.
Maximum Login Failures
Type the number of times a login attempt may fail. The default setting is 5. The minimum is 0 and the maximum is 4294967294.
Login Failure Attempt Window (in minutes)
Type the length of time during which a maximum number of login failures may occur before the system is locked.
The default setting is 10 minutes. The minimum is 0 and the maximum is 4294967294.
Login Failure Block Time (in minutes)
Type the length of time that the system is locked if the maximum login failures value is exceeded. The default setting is 30 minutes. The minimum is 0 and the maximum is 4294967294.
Login Host Whitelist
Type a list of hosts that are exempt from being locked out of the system. Type multiple entries using a comma-separated list.
Inactivity Timeout (in minutes)
Type the amount of time that a user will be automatically logged out of the system if no activity occurs. The default setting is 0. The minimum is 0 and the maximum is 4294967294.
Login Message File
Type the location and name of a file that includes content you want to display on the STRM Log Manager login window. The contents of the file are displayed below the current login window.
The login message file must be located in the opt/qradar/conf directory on your system. This file may be in text or HTML format.
Event Permission Precedence
From the list box, select the level of network permissions you want to assign to users. This parameter affects the events that are displayed on the Log Activity tab. The options include:
• Network Only - A user must have access to either the source network or the destination network of the event to have that event display on the Log Activity tab.
• Devices Only - A user must have access to either the device or device group that created the event to have that event display on the Log Activity tab.
• Networks and Devices - A user must have access to both the source or the destination network and the device or device group to have an event display on the Log Activity tab.
• None - All events are displayed on the Log Activity tab. Any user with Log Activity role permissions is able to view all events.
For more information on managing users, see Managing User Roles and Accounts.
DNS Settings
Enable DNS Lookups for Host Identity
From the list box, select whether you want to enable or disable the ability for STRM Log Manager to search for host identity information. When enabled, this information is available in the right-click menu for any IP address on the STRM Log Manager user interface. The default setting is True.
Reporting Settings
Report Retention Period
Type the period of time, in days, that you want the system to maintain reports. The default setting is 30 days. The minimum is 0 and the maximum is 4294967294.
Data Export Settings
Include Header in CSV Exports
From the list box, select whether you want to include a header in a CSV export file.
Maximum Simultaneous Exports
Type the maximum number of exports you want to occur at one time. The default setting is 1. The minimum is 0 and the maximum is 4294967294.
Step 5 Click Save.
Step 6 On the Admin tab menu, click Deploy Changes.
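How the Maximum Login Failures, Login Failure Attempt Window, Login Failure Block Time and Login Host Whitelist parameters interact, shown as an added example that is not part of the original guide or the product's code. It assumes failures are counted per source host over a sliding window and that the lock starts once the count exceeds Maximum Login Failures; the class, function names and sample events are hypothetical.

```python
from collections import defaultdict, deque

class LockoutPolicy:
    """Lockout parameters from Table 5-15; all times are in minutes."""

    def __init__(self, max_failures=5, window=10, block_time=30, whitelist=()):
        self.max_failures = max_failures      # Maximum Login Failures
        self.window = window                  # Login Failure Attempt Window
        self.block_time = block_time          # Login Failure Block Time
        self.whitelist = set(whitelist)       # Login Host Whitelist
        self._failures = defaultdict(deque)   # host -> recent failure times
        self._blocked_until = {}              # host -> minute the block ends

    def is_blocked(self, host, now):
        return now < self._blocked_until.get(host, float("-inf"))

    def record_failure(self, host, now):
        """Record one failed login; return True if the host is locked out."""
        if host in self.whitelist:
            return False                      # exempt hosts are never locked
        if self.is_blocked(host, now):
            return True
        recent = self._failures[host]
        recent.append(now)
        while recent and now - recent[0] >= self.window:
            recent.popleft()                  # drop failures outside the window
        if len(recent) > self.max_failures:   # assumption: lock when exceeded
            self._blocked_until[host] = now + self.block_time
            recent.clear()
            return True
        return False

def simulate(policy, events):
    """Replay (minute, host) failures; return the minute each host was locked."""
    locked_at = {}
    for minute, host in sorted(events):
        if not policy.is_blocked(host, minute) and policy.record_failure(host, minute):
            locked_at[host] = minute
    return locked_at

# Constructed sample data: failed logins as (minute, source host).
EVENTS = (
    [(m, "198.51.100.7") for m in range(6)]           # 6 failures in 6 minutes
    + [(3 * m, "203.0.113.9") for m in range(8)]      # spread out: max 4 per window
    + [(m, "192.0.2.10") for m in range(20)]          # whitelisted host
)

if __name__ == "__main__":
    policy = LockoutPolicy(whitelist=["192.0.2.10"])  # page defaults: 5 / 10 / 30
    print(simulate(policy, EVENTS))
```

With the default values, only the host with six failures inside one window is locked, and the whitelisted host is never locked regardless of its failure count, which is why the whitelist should stay short.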
Index Management
The Index Management feature allows you to control database indexing on event properties. Indexing event properties allows you to optimize your searches. You can enable indexing on any property that is listed in the Index Management window and you can enable indexing on more than one property. The Index Management feature also provides statistics, such as:
• The percentage of saved searches running in your deployment that include the indexed property
• The volume of data that is written to the disk by the index during the selected time frame
NOTE
To enable payload indexing, you must enable indexing on the Quick Filter property. For more information on payload indexing, see the Enable Payload Indexing for Quick Filtering Technical Note.
This section includes the following topics:
• Viewing the Index Management Window
• Enabling Indexes
Viewing the Index Management Window
The Index Management window lists all event properties that can be indexed and provides statistics for the properties. Toolbar options allow you to enable and disable indexing on selected event properties.
NOTE
Modifying database indexing may decrease system performance. We therefore recommend that you monitor the statistics after enabling indexing on multiple properties.
To view the Index Management window:
Step 1 Click the Admin tab.
Step 2 On the navigation menu, click System Configuration.