If you have an issue you feel is related to IDS it may help to turn off all of the collectors and see if the issue goes away. Once you have tested and confirmed the issue is resolved without any collectors enabled you can then enable them one at a time until the issue returns. If you are not using IDS, or if you are not using that particular feature of IDS, you many also have gained a workaround. This may particularly useful in the case of domain controllers which are logging a very large number of events.

 

[Event Management]

Events To Report Per Second=5

EventFile Rollover Type=0

EventFile Rollover Value=10        # Mb

 

[Statistics Management]

Collection Frequency=1200

HeartBeat Frequency=300

 

[File Collector]

Monitor Last Access Time=0

Enable Watched Files Checksum=0

File Collector Recursion Level=2

short poll interval=60                                                                     #seconds, Minimum value is 10

long poll interval=480                                                                     #minutes, Minimum value is 1

 

[Disk Monitor]

Lower Threshold=85

Upper Threshold=95

 

[IDSLogRules]

ids.log.rule.0=SEND"|"v1"|"DAUD,DFWW,DFWU,DGEN,DNTL,DIPS,DRGW,DSYS,DWTM,DUC2"|""|"inc"|"

ids.log.rule.1=SEND"|"v1"|"MSTA,MCON"|""|"inc"|"v4"|"I,C"|""|"inc"|"

ids.log.rule.2=SEND"|"v1"|"MERR,MSTD,MREP"|""|"inc"|"

 

[Log]

log.rule.0=SEND"|"v1"|"PBOP,PFIL,PNET,POSC,PREG,PPRC"|""|"inc"|"

log.rule.1=SEND"|"v1"|"PPST"|""|"eq"|"v4"|"W"|""|"eq"|"

log.rule.2=SEND"|"v1"|"MSTA,MCON"|""|"inc"|"v4"|"I,C"|""|"inc"|"

log.rule.3=SEND"|"v1"|"MERR,MSTD,MREP,MOVR"|""|"inc"|"