Options of Events
You can create global actions for event, and set other options about event in Event Options page.
Figure 14-6. Options of Events
Global Actions
You can set up global actions and associate them with different event severities. Event action is discussed in more detail in Event Actions.Other Options
- The max number of actions in the pending queue: There is a queue to keep the actions need to be executed, and make these actions execute one by one. This option specify the max number of actions in the pending queue, if the number of pending acitons exceeds this number, the new actions will be discarded. This number shoud be 10-100.
- The max number of events in memory: Specify the max number of events kept by AthTek NetWalk.
- When the number of events reaches the limit: Specify the action when the events exceeds the max number set in previous option.
- The interval between two same packet events(sec): This option avoids storm of packet events when there are some unreasonable packet events.
- Disable event action during opening trace file: Generally, the event action is used to defend intrusion (by executing a program) or warn network manager in real-time monitor mode. In post-capture analysis mode, the event action is not very meaningful. So the event action almost should be disabled in post-capture analysis mode (i.e. opening trace file).