https://community.cisco.com/t5/network-security/dos-error-messages-what-do-the-numbers-mean/m-p/705142#M1025863 <HTML><HEAD></HEAD><BODY><P>Awesome. Thanks Hoogen, I really appreciate you taking the time to enlighten me. I will rate your post.</P><P></P><P>Mike</P></BODY></HTML> Mon, 19 Feb 2007 12:42:12 GMT mistr 2007-02-19T12:42:12Z https://community.cisco.com/t5/network-security/dos-error-messages-what-do-the-numbers-mean/m-p/705138#M1025854 <P>Hi everybody,</P><P> I have a router using CBAC with error messages such as this:</P><P></P><P>Feb 16 01:05:11.676 CET: %FW-4-ALERT_ON: getting aggressive, count (15/500) current 1-min rate: 501</P><P>Feb 16 01:05:14.017 CET: %FW-4-ALERT_OFF: calming down, count (10/400) current 1-min rate: 369</P><P></P><P>My understanding from docs online and also Richard Deal's book is that there were more than 500 connections started in the last minute which resulting in the first message, this then dropped below the low threshold of 400 resulting in the second message.</P><P></P><P>But I can find no mention anywhere on what the 'count (15/500)' and 'count (10/400)' numbers mean on each line. Is this how many sessions were blocked by CBAC in the last minute?</P><P>Can anyone enlighten me on this please?</P><P>Thanks</P><P></P><P>Mike</P> Mon, 11 Mar 2019 09:34:16 GMT https://community.cisco.com/t5/network-security/dos-error-messages-what-do-the-numbers-mean/m-p/705138#M1025854 mistr 2019-03-11T09:34:16Z https://community.cisco.com/t5/network-security/dos-error-messages-what-do-the-numbers-mean/m-p/705139#M1025857 <HTML><HEAD></HEAD><BODY><P>Rate of new connections is 15 in the last minute and has crossed the threshold of 500.</P><P></P><P>Again the rate of new connection is 10 and at present droppped near threshold 400.</P><P></P><P>HTH</P><P>Hoogen</P></BODY></HTML> Sun, 18 Feb 2007 16:13:01 GMT https://community.cisco.com/t5/network-security/dos-error-messages-what-do-the-numbers-mean/m-p/705139#M1025857 hoogen_82 2007-02-18T16:13:01Z https://community.cisco.com/t5/network-security/dos-error-messages-what-do-the-numbers-mean/m-p/705140#M1025859 <HTML><HEAD></HEAD><BODY><P>Hi Hoogen,</P><P> Thanks for the reply but I'm still a little confused. The error message says current 1-min rate:501 so how can there have been only 15 in the last minute?</P><P>Does that mean the rate of new connections has increased by 15 to 501 in the last minute? Ie in the previous minute it was 501-15=486?</P><P></P><P>Thanks </P><P></P><P>Mike</P></BODY></HTML> Mon, 19 Feb 2007 07:40:51 GMT https://community.cisco.com/t5/network-security/dos-error-messages-what-do-the-numbers-mean/m-p/705140#M1025859 mistr 2007-02-19T07:40:51Z https://community.cisco.com/t5/network-security/dos-error-messages-what-do-the-numbers-mean/m-p/705141#M1025862 <HTML><HEAD></HEAD><BODY><P>Yes you are right it has increased by 15 in the last minute and crossed the threshold of 500 and given you that log.</P><P></P><P>HTH</P><P>Hoogen</P><P></P><P>Do rate if I have helped out.</P></BODY></HTML> Mon, 19 Feb 2007 10:13:07 GMT https://community.cisco.com/t5/network-security/dos-error-messages-what-do-the-numbers-mean/m-p/705141#M1025862 hoogen_82 2007-02-19T10:13:07Z https://community.cisco.com/t5/network-security/dos-error-messages-what-do-the-numbers-mean/m-p/705142#M1025863 <HTML><HEAD></HEAD><BODY><P>Awesome. Thanks Hoogen, I really appreciate you taking the time to enlighten me. I will rate your post.</P><P></P><P>Mike</P></BODY></HTML> Mon, 19 Feb 2007 12:42:12 GMT https://community.cisco.com/t5/network-security/dos-error-messages-what-do-the-numbers-mean/m-p/705142#M1025863 mistr 2007-02-19T12:42:12Z