ASA Scanning logs

Unanswered Question
Sep 8th, 2008
User Badges:

Hi can anyone explain the below. We have just installed ASA5550 ver 8.0.3 and replace a pix 525 and we are recieving these message alot

[ Scanning] drop rate-2 exceeded. Current burst rate is 8 per second, max configured rate is 8; Current average rate is 8 per second, max configured rate is 4; Cumulative total count is 29362

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
suschoud Mon, 09/08/2008 - 07:39
User Badges:
  • Gold, 750 points or more

If you issue the command : sh run all,you can see the default configuration which you do not normally see.

You would see :

threat-detection rate scanning-threat rate-interval 3600 average-rate 4 burst-rate 8

which suggests the parameters for the " threat detection scanning threat feature ".

If you are getting too much of logs :

1. Disable threat detection altogether.The memory usage will also come down considerably when you do this.

2. Change the parameters by running the above command with different values.

I see that there is a match in burst rate value,so increase that to ,let's say 10.

I also see average configured rate is 4 and your f/w is seeing traffic of avg. rate of 8.So,change it to 10 or 12.That should take care of log messages.

Last,disable the message itself so that you do n't see it.

no logging message




This Discussion