01-06-2019 02:42 AM
%ASA-4-733100: [ x.x.x.x] drop rate-1 exceeded. Current burst rate is 9 per second, max configured rate is 10; Current average rate is 17 per second, max configured rate is 5; Cumulative total count is 20831
Can someone explain me what is the meaning of this message log?
Thanks,
01-06-2019 03:01 AM
M.
01-06-2019 04:58 AM
Hello @_Ratha_
Greetings,
I get for you such an info. from an old post for @Kureli Sankar, I guess it's enough to help!
Symptom:
This is a documentation only defect. syslog message 733100 needs to include
"host drop" reason.
http://www.cisco.com/en/US/docs/security/asa/asa82/system/message/logmsgs.html#wp4963969
ASA-4-733100> [10.60.88.2] drop rate-2 exceeded. Current burst rate is 0 per
second, max configured rate is 8; Current average rate is 5 per second,
max configured rate is 4; Cumulative total count is 38086
Conditions:
None
Workaround:
Issue "show run all threat-detection".
The number of triggers of different thresholds can be checked in "show
threat-detection rate".
Syslog 733100 is related to scanning-rate, adjusting this parameter should be
able to resolve too many messages showing up in the syslogs.
In this case, tuning the command "threat-detection rate scanning-rate 3600
average-rate 15" stopped too many of these messages being logged. In other
cases one may have to increase the scanning-rate and average-rate to a higher
value.
The resolved syslog link:
http://www.cisco.com/en/US/docs/security/asa/asa83/system/message/logmsgs.html#wp4963969
Which means that this message is not a serious attack, Just the firewall is doing so many scannings and it raises a message about this.
you need to increase the average rate and the burst rate and you should not see it!
Depending on your network and traffic that the firewall sees you may see these syslogs very often and you may have to tune the settings so, you don't see too many of these too often.
Also, I got for you these info.:
Basic threat-detection is enabled by default and is disabled with:
#no threat-detection basic-threat
For an idea of what's causing the log messages:
#show threat-detection rate
Please, don't forget to rate all helpful replies!
Bst Rgds,
Andrew Khalil
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide