Attack to interface outside ASA 5510

Unanswered Question
Mar 28th, 2008
User Badges:

Hi, We are to pain very attack of DoS.

We want to know:

1. If we can see in the ASA which IP's and the percentage of total bandwidth usage in real time

2. or a software of Cisco or third to this.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
abinjola Fri, 03/28/2008 - 18:08
User Badges:
  • Cisco Employee,

Also about the bandwidth utilisation unfortunately that cant be found out on Pix/ASA

It is not possible to check with the bandwidth using syslogs at all. However, if the

bandwidth drops to 0 the Pix/ASA would report an error in syslog with the ID: 613002 and for

this you need to enable logging to level 6 (informational).

However, on PDM, it would show the system resources as well as the traffic passing

through the Pix/ASA.

I do understand that it is difficult to interpret the the output of syslogs as it always

would be huge and a bit confusing but there is no way out and just to copy them on a

notepad/wordpad and with the help of search can check with any ip address or any other

string. However, you can use some 3rd party softwares and refine the search based on ip

addresses or any other paramenters which are predifined on the softwares and it would

return you a clean output of the thing you are looking for. Below are the two links for

two different softwares.



For this kind of reporting, you will need to

have a software with reporting capability. The following are options for


Cisco Products:



Monitoring Center for Performance (MCP)


Some other third party products:

Network Intelligence Engine from Network Intelligence


Network Security Analyzer and FirewallAnalyzer Enterprise from eIQnetworks


Sawmill Log Analyzer from FlowerFire


These are just some to name. You can do a search on Google for other



This Discussion