![trend micro security login trend micro security login](https://www.trenddefense.com/images/Worry-Free/worryfreeSlider1.jpg)
If you log packet modifications, it may cause too many log entries. For intrusion prevention rules, the best practice is to log only dropped packets.(For example, if you disable UDP logging, it will eliminate unsolicited UDP log entries.) Consider reducing the event logging of firewall rule activity by disabling the event logging options in the firewall stateful configuration.This can be done in the Events and Advanced Network Engine Options areas on the Computer or Policy editor > Settings > Advanced tab. On computers that are less important, modify the amount of logs collected.Regardless of the above settings, the cache is flushed whenever events are sent to Workload Security. If Cache Lifetime is 10 minutes and Cache Staletime is 2 minutes, an event record which has gone 2 minutes without being incremented will be flushed and written to disk. Cache Stale time: Determines how long to keep a record whose repeat count has not been recently incremented.If this value is 10 minutes and nothing else causes the record to be flushed, any record that reaches an age of 10 minutes gets flushed to disk. Cache Lifetime: Determines how long to keep a record in the cache before flushing it to disk.When a new type of event occurs, the oldest of the 10 aggregated events will be flushed from the cache and written to disk. Setting a value of 10 means that 10 types of events will be tracked (with a repeat count, first occurrence timestamp, and last occurrence timestamp). Cache Size: Determines how many types of events to track at any given time.To aggregate event entries, Deep Security Agents need to cache the entries in memory and then write them to disk. To save disk space, Deep Security Agents will take multiple occurrences of identical events and aggregate them into a single entry and append a "repeat count", a "first occurrence" timestamp, and a "last occurrence" timestamp. The following three settings let you fine tune event aggregation. Do Not Record Events with Source IP of: This option is useful if you don't want Workload Security to make record events for traffic from certain trusted computers.Once the maximum number of log files is reached, the oldest file will be deleted before a new one is created.
![trend micro security login trend micro security login](http://cdn1.expertreviews.co.uk/sites/expertreviews/files/styles/er_main_wide/public/2018/03/trend.jpg)