Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
311
Views
0
Helpful
4
Replies

Syslog message

Mohamed Kabeer S
Level 1
Level 1

‎07-21-2014 10:47 PM - edited ‎03-11-2019 09:30 PM

     

 

  

[ Scanning] drop rate-1 exceeded. Current burst rate is 4 per second, max configured rate is 10; Current average rate is 7 per second, max configured rate is 5; Cumulative total count is 4424

Hi team,

 

I am using cisco ASA 5540.I have monitored my firewall through ASDM. In syslog message, I am getting the above mentioned message. So I want to remove the particular syslog message. How I remove above syslog message? what is purpose of getting this message?

 

Thanks and Regards,

Mohamed kabeer

 

 

 

Labels:
0 Helpful
4 Replies 4

nkarthikeyan
Level 7
Level 7

‎07-21-2014 11:23 PM

Hi Kabeer,

 

You would have enabled threat detection in your cisco asa if am not wrong. You can disable threat detection to avoid this message in syslog.

 

Regards

Karthik

0 Helpful

Mohamed Kabeer S
Level 1
Level 1
In response to nkarthikeyan

‎07-22-2014 02:28 AM

Hi Karthik,

 

Thanks for your response.

 

How I disable the threat detection in ASA. Can you please mention the CLI cmd? If I disable the syslog message. It will anything.

 

Thanks and Regards,

Mohamed kabeer.s

0 Helpful

nkarthikeyan
Level 7
Level 7
In response to Mohamed Kabeer S

‎07-22-2014 02:46 AM

Hi,

 

no threat-detection <your settings> what you have set in your firewall. This error you get because of many reasons.

 

or else you can disable the specific message as said by jouni to stop receiving such logs in to syslog.

 

so either you can tweak your configs or remove the threat-detection or that log message... option is yours....

Refer the below mentioned forum and cisco link for more idea....

https://supportforums.cisco.com/discussion/10724351/scanning-drop-rate-1-exceeded-messages

 

http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=2&cad=rja&uact=8&ved=0CCoQFjAB&url=http%3A%2F%2Fwww.cisco.com%2Fc%2Fen%2Fus%2Fsupport%2Fdocs%2Fsecurity%2Fasa-5500-x-series-next-generation-firewalls%2F113685-asa-threat-detection.html&ei=SDLOU4aqI9K3yASZ_YKQDA&usg=AFQjCNG3eYp-vwWZHgsW8dPnnrhoVTeG2w&bvm=bv.71198958,d.aWw

 

Regards

Karthik

0 Helpful

Jouni Forss
VIP Alumni
VIP Alumni

‎07-21-2014 11:24 PM

Hi,

 

The message you have copied does not include the Syslog ID number for the message but it seems to me that it is 733100

 

You can disable the log message ID with the following command

 

logging message 733100

 

To my understanding the purpose of this message is to tell you that there is traffic destined through the ASA that is blocked and rate at which this traffic is blocked has gone over a specified treshold and therefore reported with a log message.

 

You can view the Cisco document related to this log message in the following page:

http://www.cisco.com/c/en/us/td/docs/security/asa/syslog-guide/syslogs/logmsgs.html#pgfId-4963969

 

Hope this helps :)

 

- Jouni

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card