cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
728
Views
0
Helpful
2
Replies

Threat detection log entries in multi context mode

jones.alexander
Level 1
Level 1

Hey guys,

We have a 5585X running in multi context mode, and we are getting log entries for scanning threat detection, such as:

%ASA-4-733100: [ Scanning] drop rate-1 exceeded. Current burst rate is 2 per second, max configured rate is 10; Current average rate is 5 per second, max configured rate is 5; Cumulative total count is 3116

Threat detection is not supported in multi context mode so I cannot tune the thresholds, is there any way that I can get rid of this outside of messing about with logging levels/message IDs?

2 Replies 2

Jitendra Siyag
Level 1
Level 1

check the output of  show run threat-detection or show run | in threat in all contexts.

it there is any config enabled then negate it using no command.

The only config under any context is:

pri/act/fakename/admin# sh run | inc threat

no threat-detection statistics tcp-intercept

Which is also the only threat-detection config available:

pri/act/fakename/admin(config)# threat-detection ?

configure mode commands/options:

  statistics  Keyword to configure statistics of threat detection

Review Cisco Networking for a $25 gift card