11-01-2013 11:21 AM - edited 03-11-2019 07:59 PM
Is there a command to determine the events per second that an ASA is generating? I can see the total messages logged, but can't tell what measurement of time they're associated with.
thank you
11-01-2013 06:46 PM
hi william,
are you referring to threat detection rate?
what syslogs are you looking? kindly post them.
11-04-2013 06:32 AM
Hi John. No, I'm looking to gather statistics on how many syslog messages I'm sending per second. I have it set to notifications and we're trying to guauge some requirements for an event correlation product, so I'm trying to determine how many events per second our ASAs are generating.
thank you
11-04-2013 07:11 AM
hi william,
thanks for you feedback! you could verify if the the 'rate-limit' for syslog is enabled on the ASA.
see sample below.
ASA5505(config)# logging rate-limit ?
configure mode commands/options:
<1-2147483647> Specify logging rate-limit number
unlimited Specify unlimited option for rate-limit
ASA5505(config)# logging rate-limit 100 ?
configure mode commands/options:
<1-2147483647> Specify logging rate-limit interval
level Specify logging level for rate-limit
message Specify the syslog id for rate-limit
ASA5505(config)# logging rate-limit 100 1 ? <<< 100 LOGS EVERY 1 SECOND
configure mode commands/options:
level Specify logging level for rate-limit
message Specify the syslog id for rate-limit
ASA5505(config)# logging rate-limit 100 1 level ?
configure mode commands/options:
<0-7> Enter syslog level (0 - 7)
alerts Immediate action needed (severity=1)
critical Critical conditions (severity=2)
debugging Debugging messages (severity=7)
emergencies System is unusable (severity=0)
errors Error conditions (severity=3)
informational Informational messages (severity=6)
notifications Normal but significant conditions (severity=5)
warnings Warning conditions (severity=4)
ASA5505(config)# logging rate-limit 100 1 level 7
ASA5505(config)# sh run logging
logging rate-limit 100 1 level 7
11-04-2013 07:27 AM
That command wasn't enabled, but I just added it.
11-04-2013 08:09 AM
cool! i hope that was what you're looking for.
please help rate the post or mark as 'correct answer' if it's resolved.
11-04-2013 08:28 AM
sort of John. That allows me to define the statisitic, but how could I tell how much is being dropped? I guess I'm looking for some counters somewhere.
thanks again
11-04-2013 09:01 AM
Hi,
The only command that I can think of is the 'show logging.'
I saw it's also mentioned on the URL:
http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/l2.html#wp1773894
Sent from Cisco Technical Support iPhone App
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide