Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA CSC-SSM - Drop Rate Exceeded

Hi,

On ASA 5520 with CSC-SSM, I am getting the below log message. What does it mean ?

4|Apr 05 2009 09:45:52|733100: [ Scanning] drop rate-1 exceeded. Current burst rate is 10 per second, max configured rate is 10; Current average rate is 13 per second, max configured rate is 5; Cumulative total count is 8155

1 REPLY
Bronze

Re: ASA CSC-SSM - Drop Rate Exceeded

Recommended Action:

Perform these steps according to the specified object type that appears in the message:

1.

If the object in the syslog message is one of these:

*

Firewall

*

Bad pkts

*

Rate limit

*

DoS attack

*

ACL drop

*

Conn limit

*

ICMP attk

*

Scanning

*

SYN attck

*

Inspect

*

Interface

Check whether the drop rate is acceptable for the running environment.

2.

Adjust the threshold rate of the particular drop to an appropriate value by running the threat-detection rate xxx command, where xxx is one of these:

*

acl-drop

*

bad-packet-drop

*

conn-limit-drop

*

dos-drop

*

fw-drop

*

icmp-drop

*

inspect-drop

*

interface-drop

*

scanning-threat

*

syn-attack

3.

If the object in the syslog message is a TCP or UDP port, an IP protocol, or a host drop, check whether the drop rate is acceptable for the running environment.

4.

Adjust the threshold rate of the particular drop to an appropriate value by running the threat-detection rate bad-packet-drop command. Refer to the Configuring Basic Threat Detection section of the ASA 8.0 Configuration Guide for more information.

634
Views
0
Helpful
1
Replies
CreatePlease login to create content