07-30-2009 06:17 AM
I just upgrade our MARS to 6.03 and and I am getting this message from our ASA. I was simply going to place in a drop rule, but there is no IP address to use for the rule. The IP address are all NA.
Drop Rate Exceeded N/A 0 N/A N/A N/A
Can I create a rule to drp this alert?
08-05-2009 05:33 AM
After you upgrade MARS from version 6.0.2 to 6.0.3, it appears that drop rules are ignored.
Update your MARS with the patch release 6.0.3 (3188) (csmars-6.0.3.3190-customerpatch.zip) in order to correct the potential issues with drop rules.
The specified object in the system log message has exceeded the specified burst threshold rate or average threshold rate. The object can be drop activity of a host, TCP/UDP port, IP protocol, or various drops due to potential attacks. It indicates the system is under potential attack.
08-05-2009 05:50 AM
When I upgraded, I went from 4.36 to 6.03 3188. Drop rules are working.
The issue is I get the following messages:
Drop Rate Exceeded N/A N/A N/A N/A N/A Aug 5, 2009 6:38:55 AM PDT
From the ASA. I can't create a drop rule for those events as it needs an IP to drop from. How would I make a rule to not see these events?
08-08-2009 11:39 AM
drop rules do not need an IP. just create drop rule with wizzard and then edit created drop rule and change src to ANY. should be working
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide