
Syslog message

     

 

  

[ Scanning] drop rate-1 exceeded. Current burst rate is 4 per second, max configured rate is 10; Current average rate is 7 per second, max configured rate is 5; Cumulative total count is 4424

Hi team,

 

I am using a Cisco ASA 5540. I have monitored my firewall through ASDM. In the syslog messages, I am getting the above-mentioned message. So I want to remove this particular syslog message. How do I remove the above syslog message? What is the purpose of this message?

 

Thanks and Regards,

Mohamed kabeer

 

 

 


Hi Kabeer,

 

You would have enabled threat detection on your Cisco ASA, if I am not wrong. You can disable threat detection to avoid this message in syslog.

 

Regards

Karthik


Hi Karthik,

 

Thanks for your response.

 

How do I disable threat detection on the ASA? Can you please mention the CLI cmd? If I disable the syslog message. It will anything.

 

Thanks and Regards,

Mohamed kabeer.s


Hi,

 

no threat-detection <your settings>, whatever you have set in your firewall. You get this error for many reasons.

 

Or else you can disable the specific message, as said by Jouni, to stop receiving such logs in syslog.

 

So you can either tweak your configs, or remove the threat-detection or that log message... the option is yours.

Refer to the forum thread and Cisco link mentioned below for more ideas.

https://supportforums.cisco.com/discussion/10724351/scanning-drop-rate-1-exceeded-messages

 

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/113685-asa-threat-detection.html

 

Regards

Karthik


Hi,

 

The message you have copied does not include the Syslog ID number for the message, but it seems to me that it is 733100.

 

You can disable the log message ID with the following command

 

no logging message 733100

 

To my understanding, the purpose of this message is to tell you that there is traffic destined through the ASA that is blocked, and the rate at which this traffic is blocked has gone over a specified threshold and is therefore reported with a log message.

 

You can view the Cisco document related to this log message in the following page:

http://www.cisco.com/c/en/us/td/docs/security/asa/syslog-guide/syslogs/logmsgs.html#pgfId-4963969

 

Hope this helps :)

 

- Jouni
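
An added example, not part of any post in this thread: before suppressing 733100 it helps to see which limit tripped and how often. This Python sketch parses the message body quoted in the first post; the function names, the %ASA-4-733100 prefix on the second sample line and the two extra sample lines are constructed for illustration.

```python
import re

# Body of ASA syslog 733100 in the layout quoted in the thread. The object
# name is padded inside the brackets, so surrounding spaces are tolerated.
PATTERN = re.compile(
    r"\[\s*(?P<object>.+?)\s*\]\s+drop\s+(?P<rate_id>rate-\d+)\s+exceeded\.\s*"
    r"Current burst rate is (?P<burst>\d+) per second,\s*"
    r"max configured rate is (?P<burst_max>\d+);\s*"
    r"Current average rate is (?P<avg>\d+) per second,\s*"
    r"max configured rate is (?P<avg_max>\d+);\s*"
    r"Cumulative total count is (?P<total>\d+)")

def parse_733100(line):
    """Return the fields of a 733100 message as a dict, or None if no match."""
    m = PATTERN.search(line)
    if m is None:
        return None
    rec = {k: (v if k in ("object", "rate_id") else int(v))
           for k, v in m.groupdict().items()}
    # Record which of the two rates is above its configured maximum.
    rec["exceeded"] = [name for name, cur, limit in (
        ("burst", rec["burst"], rec["burst_max"]),
        ("average", rec["avg"], rec["avg_max"])) if cur > limit]
    return rec

def summarize(lines):
    """Per (object, rate_id): message count, peak rates, which limits tripped."""
    out = {}
    for rec in filter(None, map(parse_733100, lines)):
        s = out.setdefault((rec["object"], rec["rate_id"]),
                           {"messages": 0, "peak_burst": 0, "peak_avg": 0,
                            "exceeded": set()})
        s["messages"] += 1
        s["peak_burst"] = max(s["peak_burst"], rec["burst"])
        s["peak_avg"] = max(s["peak_avg"], rec["avg"])
        s["exceeded"].update(rec["exceeded"])
    return out

SAMPLE = [
    # Message body as quoted in the first post of the thread.
    "[ Scanning] drop rate-1 exceeded. Current burst rate is 4 per second, max configured rate is 10; Current average rate is 7 per second, max configured rate is 5; Cumulative total count is 4424",
    # Constructed lines: a burst-limit case and an unrelated message.
    "%ASA-4-733100: [ Scanning] drop rate-1 exceeded. Current burst rate is 25 per second, max configured rate is 10; Current average rate is 3 per second, max configured rate is 5; Cumulative total count is 5120",
    "%ASA-6-302013: constructed unrelated message",
]

if __name__ == "__main__":
    for key, stats in summarize(SAMPLE).items():
        print(key, stats)
```

For the message in the first post, the parser reports that the average rate (7 against a configured 5) is the limit that tripped, not the burst rate.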
