ASA syslog problem(%ASA-4-733100)

Fuxiang Lin · ‎06-14-2015

Guys,

My ASA firewall generates a lot of syslogs about code: 733100, which means that packets dropped by thread scanning..

some of my logs as below:

May 14 00:00:20 myASA %ASA-4-733100: [ Scanning] drop rate-1 exceeded. Current burst rate is 20 per second, max configured rate is 30; Current average rate is 43 per second, max configured rate is 10; Cumulative total count is 26042

May 14 00:00:40 myASA %ASA-4-733100: [ Scanning] drop rate-1 exceeded. Current burst rate is 14 per second, max configured rate is 30; Current average rate is 43 per second, max configured rate is 10; Cumulative total count is 26170

May 14 00:01:21 myASA %ASA-4-733100: [ Scanning] drop rate-1 exceeded. Current burst rate is 31 per second, max configured rate is 30; Current average rate is 43 per second, max configured rate is 10; Cumulative total count is 26110

My Questions:

1. What actions should be taken to quiet down the device, as it generates the log every 20s all the day? Is it attacked or low threshold?

2. Why the average burst rate are always higher than the current rate?? what is the problem?

3. Why the total counts decrease as shown( 26042, 26170, 26110)? It should increase as I know.

Cisco Document about the error code: http://www.cisco.com/c/en/us/td/docs/security/asa/syslog-guide/syslogs.pdf

Vibhor Amrodia · ‎06-16-2015

Hi,

This Syslog is not necessarily going to imply the traffic is being dropped on the ASA device due to threat detection.

This is generated when the basic threat detection is enabled.

If these are being generated too many times , you can disable this syslog from the asa device altogether. "no logging message 733100"

Also , 2 point can be true for a particular instance.

Cumulative total means the total number of events seen during the sampling period.

This is not depicted as a rate but a number.

Thanks and Regards,

Vibhor Amrodia