Iplog sizes on several of our sensors have somehow changed from what I thought was the default size of 51200 to just over 1.04MB. I have searched the "conf" files and cannot find where this larger size is being defined.
All of these sensors are on S17.
Does anyone know where this might be defined so I can go reset it?
We raised the default size in version 3.0(1)S4 or one of it's Service Packs.
The token is not there by default in many cases (such as when being managed by CSPM).
So if you need to change the size then you need to add that token to loggerd.conf with the size you want.
If using nrConfigure, edit the loggerd.conf file on the sensor, and then double click on the sensor in nrConfigure to pull across the changed loggerd.conf file. nrConfigure won't be able to configure it, but will place it at the bottom of the loggerd.conf file anytime configs are pushed out.
If using CSPM, you will have to add the token to the loggerd.conf template file for the sensor version you are working with. DO a find for a template directory. Look for your sensor version, and a loggerd.conf file. If there is not one in that directory then go to the previous version until you find one. Once you find the loggerd.conf then edit it, and add the token.
When you push a new sensor config, CSPM will read in those templates to create the new configuration files for the sensor.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...