Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Bronze

ASA 8.x - threat-detection: show threat-detection rate access-list

Hi folks.

I'm tinkering around with threat-detection and in the docs (http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/protect.html)

it states:

To view the top 10 ACEs that match packets, including both permit and deny ACEs., use the access-list keyword. Permitted and denied traffic are not differentiated in this display. If you enable basic threat detection using the threat-detection basic-threat command, you can track access list denies using the show threat-detection rate access-list command.

However that command isn't even an option :

ASA# show threat-detection rate ?

acl-drop Enter this keyword to display access-list drop statistics

bad-packet-drop Enter this keyword to display key bad packet drop

statistics

conn-limit-drop Enter this keyword to display connection limit related drop

statistics

dos-attack-drop Enter this keyword to display key DoS attack drop

statistics

fw-drop Enter this keyword to display general firewall drop

statistics

icmp-drop Enter this keyword to display all icmp-related drop

statistics

inspect-drop Enter this keyword to display all inspection drop

statistics

interface-drop Enter this keyword to display key interface drop statistics

min-display-rate Enter this keyword to display rate statistics whose average

rate exceeds the min-display-rate.

scanning-threat Enter this keyword to display key scanning drop statistics

syn-attack Enter this keyword to display TCP SYN attack and no data

UDP session attack statistics

show threat-detection rate acl-drop

Average(eps) Current(eps) Trigger Total events

10-min ACL drop: 3 0 0 1982

1-hour ACL drop: 1 0 0 3737

I can get the ACL hits with show threat-detection statistics top access-list, but I'm interested in the ACE's:

ASA# show threat-detection sta top access-list

Top Name Id Average(eps) Current(eps) Trigger Total events

1-hour ACL hits:

01 inside_access_out/3.5 1 0 0 5214

02 inside_access_out/6.2 0 0 0 678

03 inside_access_out/3.6 0 0 0 95

04 inside_access_out/3.1 0 0 0 5

8-hour ACL hits:

01 inside_access_out/3.5 0 1 0 11060

02 inside_access_out/6.2 0 0 0 1862

03 inside_access_out/3.6 0 0 0 449

04 inside_access_out/3.1 0 0 0 9

05 inside_access_out/3.7 0 0 0 2

24-hour ACL hits:

01 inside_access_out/3.5 0 2 0 11060

02 inside_access_out/6.2 0 0 0 1862

03 inside_access_out/3.6 0 0 0 449

04 inside_access_out/3.1 0 0 0 9

05 inside_access_out/3.7 0 0 0 2

725
Views
0
Helpful
0
Replies
CreatePlease to create content