https://community.cisco.com/t5/network-security/csa-5-0-complexity-exceeds-maximum/m-p/912764#M85306 <HTML><HEAD></HEAD><BODY><P>Response from Cisco Tech Support.</P><P></P><P>This happens when there are too many literals in the ruleset. A literal is anything defined in a fileset. For example, foo.exe is 1 literal. foo.exe, foo2.exe are two literals. To reduce the literals and thus generate rules successfully, one needs to wildcard and generalize when possible. So foo*.exe would change the literals to 1 from 2 (from foo.exe and foo2.exe for example). The maximum literals is 7500.</P><P>Basically, for a little insight into why the value of 7500 was selected. The default rule sets have a complexity of no more than 2500. The internal Cisco Policy is not even double that value. So triple the default was selected to allow plenty of rule for customization.</P><P></P><P>If you exceed 7500 literals, rule generation would be extremely slow and would most likely timeout. </P><P> </P><P>As a rule of thumb: always wildcard where possible.</P><P></P></BODY></HTML> Mon, 12 Nov 2007 20:14:35 GMT eaglesecure 2007-11-12T20:14:35Z https://community.cisco.com/t5/network-security/csa-5-0-complexity-exceeds-maximum/m-p/912763#M85304 <P>Recently I was tuning out some false positives and was unable to generate the rules due to a complexity of greater than 7500 exceeds maximum of 7500. </P><P></P><P>I searched the forum and found out the there is a limit to the number of complexity points set at 7500. </P><P></P><P>The post says to remove old Rules/Groups and Rule Modules or try condesing all of those.</P><P></P><P>I have gone through and made the changes that would put me under the limit. But when I attempt to generate these rules to move under the limit I receive the same warning. </P><P></P><P>How can I get under the limit if I cannot generate any changes?</P> Sun, 10 Mar 2019 10:52:14 GMT https://community.cisco.com/t5/network-security/csa-5-0-complexity-exceeds-maximum/m-p/912763#M85304 eaglesecure 2019-03-10T10:52:14Z https://community.cisco.com/t5/network-security/csa-5-0-complexity-exceeds-maximum/m-p/912764#M85306 <HTML><HEAD></HEAD><BODY><P>Response from Cisco Tech Support.</P><P></P><P>This happens when there are too many literals in the ruleset. A literal is anything defined in a fileset. For example, foo.exe is 1 literal. foo.exe, foo2.exe are two literals. To reduce the literals and thus generate rules successfully, one needs to wildcard and generalize when possible. So foo*.exe would change the literals to 1 from 2 (from foo.exe and foo2.exe for example). The maximum literals is 7500.</P><P>Basically, for a little insight into why the value of 7500 was selected. The default rule sets have a complexity of no more than 2500. The internal Cisco Policy is not even double that value. So triple the default was selected to allow plenty of rule for customization.</P><P></P><P>If you exceed 7500 literals, rule generation would be extremely slow and would most likely timeout. </P><P> </P><P>As a rule of thumb: always wildcard where possible.</P><P></P></BODY></HTML> Mon, 12 Nov 2007 20:14:35 GMT https://community.cisco.com/t5/network-security/csa-5-0-complexity-exceeds-maximum/m-p/912764#M85306 eaglesecure 2007-11-12T20:14:35Z