cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1070
Views
0
Helpful
2
Replies

Log analysis

_Ratha_
Beginner
Beginner

%ASA-4-733100: [ x.x.x.x] drop rate-1 exceeded. Current burst rate is 9 per second, max configured rate is 10; Current average rate is 17 per second, max configured rate is 5; Cumulative total count is 20831

 

Can someone explain me what is the meaning of this message log?

 

Thanks,

2 Replies 2

Andrew Khalil
Rising star
Rising star

Hello @_Ratha_

Greetings,

I get for you such an info. from an old post for  @Kureli Sankar, I guess it's enough to help! 

Symptom:
This is a documentation only defect.  syslog message 733100 needs to include
"host drop" reason.

http://www.cisco.com/en/US/docs/security/asa/asa82/system/message/logmsgs.html#wp4963969

ASA-4-733100> [10.60.88.2] drop rate-2 exceeded. Current burst rate is 0 per
second, max configured rate is 8; Current average rate is 5 per second,
max configured rate is 4; Cumulative total count is 38086

Conditions:
None

Workaround:

Issue "show run all threat-detection".
The number of triggers of different thresholds can be checked in "show
threat-detection rate".

Syslog 733100 is related to scanning-rate, adjusting this parameter should be
able to resolve too many messages showing up in the syslogs.

In this case, tuning the command "threat-detection rate scanning-rate 3600
average-rate 15" stopped too many of these messages being logged. In other
cases one may have to increase the scanning-rate and average-rate to a higher
value.

The resolved syslog link:
http://www.cisco.com/en/US/docs/security/asa/asa83/system/message/logmsgs.html#wp4963969 

Which means that this message is not a serious attack, Just the firewall is doing so many scannings and it raises a message about this.

you need to increase the average rate and the burst rate and you should not see it! 

Depending on your network and traffic that the firewall sees you may see these syslogs very often and you may have to tune the settings so, you don't see too many of these too often.

 

Also, I got for you these info.: 

Basic threat-detection is enabled by default and is disabled with:

    #no threat-detection basic-threat

For an idea of what's causing the log messages:

    #show threat-detection rate

 

Please, don't forget to rate all helpful replies!

Bst Rgds,

Andrew Khalil

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers