A penetration test took place and one machine sent huge logs to the syslog server. Because of this, the whole bandwidth got choked and SSH access to all servers in that VLAN was lost.
Eventually, we had to restart the servers from iLO.
Note: only SSH access was gone; all the other services on the servers were running fine.
Is there any kind of hardening that can be done on Cisco ASA firewalls to prevent receiving huge logs or to prevent the SSH logs issue? Please keep in mind that we will not be aware of which source IP will be sending traffic.
Note that with login services like SSH you can often configure them to ignore more login attempts after "x" bad login attempts in "y" time. It is possible you tripped this threshold, and it was just blocking new connections.
The other option is you should enable this option on your servers. Maybe tell the servers to ignore connection attempts for 10 minutes if you get more than 20 failed attempts in 60s or something like that.
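
The threshold suggested in the answer above (ignore a source for 10 minutes after more than 20 failed attempts in 60s), as an added example that is not part of the original thread: Python that replays sshd log lines through a per-source sliding window and reports which sources would be blocked and for how long. The ISO-timestamped log format, the host name and the documentation-range IP addresses are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_FAILURES = 20                    # "more than 20 failed attempts"
WINDOW = timedelta(seconds=60)       # "in 60s"
BLOCK_FOR = timedelta(minutes=10)    # "ignore connection attempts for 10 minutes"

# Matches OpenSSH "Failed password" lines; ISO timestamp prefix is an assumption.
FAILED = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: Failed password for (?:invalid user )?\S+ "
    r"from (?P<ip>\S+) port \d+")

def find_blocks(lines):
    """Return [(ip, block_start, block_end)] for sources that exceed the threshold."""
    recent = defaultdict(deque)      # ip -> timestamps of failures inside the window
    blocked_until = {}               # ip -> time the current block expires
    blocks = []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        ts, ip = datetime.fromisoformat(m["ts"]), m["ip"]
        if ip in blocked_until and ts < blocked_until[ip]:
            continue                 # still inside an active block; not counted again
        q = recent[ip]
        q.append(ts)
        while ts - q[0] >= WINDOW:   # drop failures that fell out of the window
            q.popleft()
        if len(q) > MAX_FAILURES:
            blocked_until[ip] = ts + BLOCK_FOR
            blocks.append((ip, ts, ts + BLOCK_FOR))
            q.clear()
    return blocks

def sample_log():
    """Constructed sample: one noisy source and one user who mistypes twice."""
    base = datetime(2024, 1, 1, 10, 0, 0)
    line = "{} host1 sshd[4242]: Failed password for {} from {} port 50000 ssh2"
    noisy = [line.format((base + timedelta(seconds=2 * i)).isoformat(), "root", "192.0.2.10")
             for i in range(25)]
    typo = [line.format((base + timedelta(seconds=s)).isoformat(), "alice", "198.51.100.7")
            for s in (5, 500)]
    return sorted(noisy + typo)      # same-format ISO timestamps sort chronologically

if __name__ == "__main__":
    for ip, start, end in find_blocks(sample_log()):
        print(f"{ip}: ignore from {start} until {end}")
```

Because the window is keyed on whatever source address appears in each log line, no source IP has to be known in advance.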