By default, the Sensor appliance only uploads attachments that are within a specific megabyte limit. Depending on when you installed the sensor, the default values may differ. In earlier software versions, we had a default 8MB limit. In more recent versions, the default limit was set to a 20MB limit. It is possible to increase the maximum size of an attachment we analyze as defined in the below maximums.

Important: In very old installations, there was an option to increase the max file size via an override.yaml entry, this is no longer required as this article allows the steps to be performed via the lastline_setup utility.

Please follow the below instructions to adjust the default file size maximum on the Manager or Sensor appliances.

Manager (also described in the Manager installation manual https://user.lastline.com/install-manuals/Manager_Installation_Manual.html#uploadsize ):

1. Log into the Manager using either console or SSH.
2. Run lastline_setup
3. Use analysis_max_upload_filesize_mb to set the max file size the system can analyze. For example, analysis_max_upload_filesize_mb 20 will set the max file size to 20MB.
4. Use save to save the change.

Sensor:

1. Log into the Sensor using either console or SSH.
2. Run lastline_setup
3. Use sensor_max_upload_filesize_mb to set the max file size the sensor can upload. For example, sensor_max_upload_filesize_mb 20 will set the max file size to 20MB.
4. Use save to save the change.

Now your system should start analyzing attachments up to 20MB. 

Note: The sensor will display "sensor_max_upload_filesize_mb = None" - the value of "None" shows by default and  means this has not been changed from the default (either 8MB or 20MB) but is not displayed.

Maximum values allowed:

• For  On-premise NSX Lastline Defender deployments, The maximum file size allowed is 100MB. Can be configured between 10 and 100.

• For  Hosted NSX Lastline Defender deployments, The maximum file size allowed is 64MB. Can be configured between 8 and 64.