Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3304
Views
0
Helpful
7
Replies

events per second

WILLIAM STEGMAN
Level 4
Level 4

‎11-01-2013 11:21 AM - edited ‎03-11-2019 07:59 PM

Is there a command to determine the events per second that an ASA is generating?  I can see the total messages logged, but can't tell what measurement of time they're associated with.

thank you         

Labels:
0 Helpful
7 Replies 7

johnlloyd_13
Level 9
Level 9

‎11-01-2013 06:46 PM

hi william,

are you referring to threat detection rate?

what syslogs are you looking? kindly post them.

0 Helpful

WILLIAM STEGMAN
Level 4
Level 4
In response to johnlloyd_13

‎11-04-2013 06:32 AM

Hi John.  No, I'm looking to gather statistics on how many syslog messages I'm sending per second.  I have it set to notifications and we're trying to guauge some requirements for an event correlation product, so I'm trying to determine how many events per second our ASAs are generating.

thank you

0 Helpful

johnlloyd_13
Level 9
Level 9
In response to WILLIAM STEGMAN

‎11-04-2013 07:11 AM

hi william,

thanks for you feedback! you could verify if the the 'rate-limit' for syslog is enabled on the ASA.

see sample below.

ASA5505(config)# logging rate-limit ?

configure mode commands/options:

  <1-2147483647>  Specify logging rate-limit number

  unlimited       Specify unlimited option for rate-limit

ASA5505(config)# logging rate-limit 100 ?

configure mode commands/options:

  <1-2147483647>  Specify logging rate-limit interval

  level           Specify logging level for rate-limit

  message         Specify the syslog id for rate-limit

ASA5505(config)# logging rate-limit 100 1 ?    <<< 100 LOGS EVERY 1 SECOND

configure mode commands/options:

  level    Specify logging level for rate-limit

  message  Specify the syslog id for rate-limit

ASA5505(config)# logging rate-limit 100 1 level ?

configure mode commands/options:

  <0-7>          Enter syslog level (0 - 7)

  alerts         Immediate action needed           (severity=1)

  critical       Critical conditions               (severity=2)

  debugging      Debugging messages                (severity=7)

  emergencies    System is unusable                (severity=0)

  errors         Error conditions                  (severity=3)

  informational  Informational messages            (severity=6)

  notifications  Normal but significant conditions (severity=5)

  warnings       Warning conditions                (severity=4)

ASA5505(config)# logging rate-limit 100 1 level 7

ASA5505(config)# sh run logging

logging rate-limit 100 1 level 7

0 Helpful

WILLIAM STEGMAN
Level 4
Level 4
In response to johnlloyd_13

‎11-04-2013 07:27 AM

That command wasn't enabled, but I just added it. 

0 Helpful

johnlloyd_13
Level 9
Level 9
In response to WILLIAM STEGMAN

‎11-04-2013 08:09 AM

cool! i hope that was what you're looking for.

please help rate the post or mark as 'correct answer' if it's resolved.

0 Helpful

WILLIAM STEGMAN
Level 4
Level 4
In response to johnlloyd_13

‎11-04-2013 08:28 AM

sort of John.  That allows me to define the statisitic, but how could I tell how much is being dropped?  I guess I'm looking for some counters somewhere.

thanks again

0 Helpful

johnlloyd_13
Level 9
Level 9
In response to WILLIAM STEGMAN

‎11-04-2013 09:01 AM

Hi,

The only command that I can think of is the 'show logging.'

I saw it's also mentioned on the URL:

http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/l2.html#wp1773894


Sent from Cisco Technical Support iPhone App

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card