Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1283
Views
0
Helpful
2
Replies

Log analysis

_Ratha_
Level 1
Level 1

‎01-06-2019 02:42 AM

%ASA-4-733100: [ x.x.x.x] drop rate-1 exceeded. Current burst rate is 9 per second, max configured rate is 10; Current average rate is 17 per second, max configured rate is 5; Cumulative total count is 20831

 

Can someone explain me what is the meaning of this message log?

 

Thanks,

Labels:
0 Helpful
2 Replies 2

marce1000
VIP
VIP

‎01-06-2019 03:01 AM

 

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/113685-asa-threat-detection.html#anc12

M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

Andrew Khalil
Spotlight
Spotlight

‎01-06-2019 04:58 AM

Hello @_Ratha_

Greetings,

I get for you such an info. from an old post for  @Kureli Sankar, I guess it's enough to help! 

Symptom:
This is a documentation only defect.  syslog message 733100 needs to include
"host drop" reason.

http://www.cisco.com/en/US/docs/security/asa/asa82/system/message/logmsgs.html#wp4963969

ASA-4-733100> [10.60.88.2] drop rate-2 exceeded. Current burst rate is 0 per 
second, max configured rate is 8; Current average rate is 5 per second, 
max configured rate is 4; Cumulative total count is 38086

Conditions:
None

Workaround:

Issue "show run all threat-detection".
The number of triggers of different thresholds can be checked in "show
threat-detection rate".

Syslog 733100 is related to scanning-rate, adjusting this parameter should be
able to resolve too many messages showing up in the syslogs.

In this case, tuning the command "threat-detection rate scanning-rate 3600
average-rate 15" stopped too many of these messages being logged. In other
cases one may have to increase the scanning-rate and average-rate to a higher
value.

The resolved syslog link: 
http://www.cisco.com/en/US/docs/security/asa/asa83/system/message/logmsgs.html#wp4963969 

Which means that this message is not a serious attack, Just the firewall is doing so many scannings and it raises a message about this.

you need to increase the average rate and the burst rate and you should not see it! 

Depending on your network and traffic that the firewall sees you may see these syslogs very often and you may have to tune the settings so, you don't see too many of these too often.

 

Also, I got for you these info.: 

Basic threat-detection is enabled by default and is disabled with:

    #no threat-detection basic-threat

For an idea of what's causing the log messages:

    #show threat-detection rate

 

Please, don't forget to rate all helpful replies!

Bst Rgds,

Andrew Khalil

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card