09-08-2008 01:08 AM - edited 03-11-2019 06:41 AM
Hi can anyone explain the below. We have just installed ASA5550 ver 8.0.3 and replace a pix 525 and we are recieving these message alot
[ Scanning] drop rate-2 exceeded. Current burst rate is 8 per second, max configured rate is 8; Current average rate is 8 per second, max configured rate is 4; Cumulative total count is 29362
09-08-2008 07:00 AM
Sounds like threat-detection is enabled and configured to allow a burst rate of 4kbps. Can you post a running-configuration?
Check this:
http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00809763ea.shtml#sol6
09-08-2008 07:39 AM
If you issue the command : sh run all,you can see the default configuration which you do not normally see.
You would see :
threat-detection rate scanning-threat rate-interval 3600 average-rate 4 burst-rate 8
which suggests the parameters for the " threat detection scanning threat feature ".
If you are getting too much of logs :
1. Disable threat detection altogether.The memory usage will also come down considerably when you do this.
2. Change the parameters by running the above command with different values.
I see that there is a match in burst rate value,so increase that to ,let's say 10.
I also see average configured rate is 4 and your f/w is seeing traffic of avg. rate of 8.So,change it to 10 or 12.That should take care of log messages.
Last,disable the message itself so that you do n't see it.
no logging message
Regards,
Sushil
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: