Recommended Action:
Perform these steps according to the specified object type that appears in the message:
1.
If the object in the syslog message is one of these:
*
Firewall
*
Bad pkts
*
Rate limit
*
DoS attack
*
ACL drop
*
Conn limit
*
ICMP attk
*
Scanning
*
SYN attck
*
Inspect
*
Interface
Check whether the drop rate is acceptable for the running environment.
2.
Adjust the threshold rate of the particular drop to an appropriate value by running the threat-detection rate xxx command, where xxx is one of these:
*
acl-drop
*
bad-packet-drop
*
conn-limit-drop
*
dos-drop
*
fw-drop
*
icmp-drop
*
inspect-drop
*
interface-drop
*
scanning-threat
*
syn-attack
3.
If the object in the syslog message is a TCP or UDP port, an IP protocol, or a host drop, check whether the drop rate is acceptable for the running environment.
4.
Adjust the threshold rate of the particular drop to an appropriate value by running the threat-detection rate bad-packet-drop command. Refer to the Configuring Basic Threat Detection section of the ASA 8.0 Configuration Guide for more information.