https://community.cisco.com/t5/network-security/asa-scanning-logs/m-p/1135693#M896740 <HTML><HEAD></HEAD><BODY><P>If you issue the command : sh run all,you can see the default configuration which you do not normally see.</P><P></P><P>You would see :</P><P></P><P>threat-detection rate scanning-threat rate-interval 3600 average-rate 4 burst-rate 8</P><P></P><P></P><P>which suggests the parameters for the " threat detection scanning threat feature ".</P><P></P><P>If you are getting too much of logs :</P><P></P><P>1. Disable threat detection altogether.The memory usage will also come down considerably when you do this.</P><P></P><P>2. Change the parameters by running the above command with different values.</P><P></P><P>I see that there is a match in burst rate value,so increase that to ,let's say 10.</P><P>I also see average configured rate is 4 and your f/w is seeing traffic of avg. rate of 8.So,change it to 10 or 12.That should take care of log messages.</P><P></P><P>Last,disable the message itself so that you do n't see it.</P><P></P><P></P><P>no logging message <ID></ID></P><P></P><P></P><P>Regards,</P><P>Sushil</P></BODY></HTML> Mon, 08 Sep 2008 14:39:00 GMT suschoud 2008-09-08T14:39:00Z https://community.cisco.com/t5/network-security/asa-scanning-logs/m-p/1135691#M896735 <P>Hi can anyone explain the below. We have just installed ASA5550 ver 8.0.3 and replace a pix 525 and we are recieving these message alot</P><P></P><P>[ Scanning] drop rate-2 exceeded. Current burst rate is 8 per second, max configured rate is 8; Current average rate is 8 per second, max configured rate is 4; Cumulative total count is 29362</P> Mon, 11 Mar 2019 13:41:01 GMT https://community.cisco.com/t5/network-security/asa-scanning-logs/m-p/1135691#M896735 network_team 2019-03-11T13:41:01Z https://community.cisco.com/t5/network-security/asa-scanning-logs/m-p/1135692#M896737 <HTML><HEAD></HEAD><BODY><P>Sounds like threat-detection is enabled and configured to allow a burst rate of 4kbps. Can you post a running-configuration?</P><P></P><P></P><P>Check this:</P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00809763ea.shtml#sol6" target="_blank">http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00809763ea.shtml#sol6</A></P></BODY></HTML> Mon, 08 Sep 2008 14:00:04 GMT https://community.cisco.com/t5/network-security/asa-scanning-logs/m-p/1135692#M896737 jj27 2008-09-08T14:00:04Z https://community.cisco.com/t5/network-security/asa-scanning-logs/m-p/1135693#M896740 <HTML><HEAD></HEAD><BODY><P>If you issue the command : sh run all,you can see the default configuration which you do not normally see.</P><P></P><P>You would see :</P><P></P><P>threat-detection rate scanning-threat rate-interval 3600 average-rate 4 burst-rate 8</P><P></P><P></P><P>which suggests the parameters for the " threat detection scanning threat feature ".</P><P></P><P>If you are getting too much of logs :</P><P></P><P>1. Disable threat detection altogether.The memory usage will also come down considerably when you do this.</P><P></P><P>2. Change the parameters by running the above command with different values.</P><P></P><P>I see that there is a match in burst rate value,so increase that to ,let's say 10.</P><P>I also see average configured rate is 4 and your f/w is seeing traffic of avg. rate of 8.So,change it to 10 or 12.That should take care of log messages.</P><P></P><P>Last,disable the message itself so that you do n't see it.</P><P></P><P></P><P>no logging message <ID></ID></P><P></P><P></P><P>Regards,</P><P>Sushil</P></BODY></HTML> Mon, 08 Sep 2008 14:39:00 GMT https://community.cisco.com/t5/network-security/asa-scanning-logs/m-p/1135693#M896740 suschoud 2008-09-08T14:39:00Z