troubleshooting Question

Cisco ASA logging unusual logs to the Kiwi syslog server.

mshaikh22 asked on
Hi Experts,

I keep getting the following messages on the Kiwi syslog server from the Cisco ASA firewall. I am trying to figure out why these are being generated and how I can get more clarity on them.

11-30-2017      10:42:42      Local4.Warning      10.x.x.x      Nov 30 2017 15:42:42 ciscoasa : %ASA-4-733100: [ Scanning] drop rate-2 exceeded. Current burst rate is 2 per second, max configured rate is 8; Current average rate is 20 per second, max configured rate is 4; Cumulative total count is 74899


This is my current config

FW# show run | i log
logging enable
logging timestamp
logging buffer-size 500000
logging buffered debugging
logging trap notifications
logging asdm informational
logging device-id hostname
logging host inside 10.x.x.2
logging host inside 10.x.x.26
logging permit-hostdown
logging class config buffered debugging

FW# show run all threat-detection
threat-detection rate dos-drop rate-interval 600 average-rate 100 burst-rate 400
threat-detection rate dos-drop rate-interval 3600 average-rate 80 burst-rate 320
threat-detection rate bad-packet-drop rate-interval 600 average-rate 100 burst-rate 400
threat-detection rate bad-packet-drop rate-interval 3600 average-rate 80 burst-rate 320
threat-detection rate acl-drop rate-interval 600 average-rate 400 burst-rate 800
threat-detection rate acl-drop rate-interval 3600 average-rate 320 burst-rate 640
threat-detection rate conn-limit-drop rate-interval 600 average-rate 100 burst-rate 400
threat-detection rate conn-limit-drop rate-interval 3600 average-rate 80 burst-rate 320
threat-detection rate icmp-drop rate-interval 600 average-rate 100 burst-rate 400
threat-detection rate icmp-drop rate-interval 3600 average-rate 80 burst-rate 320
threat-detection rate scanning-threat rate-interval 600 average-rate 5 burst-rate 10
threat-detection rate scanning-threat rate-interval 3600 average-rate 4 burst-rate 8
threat-detection rate syn-attack rate-interval 600 average-rate 100 burst-rate 200
threat-detection rate syn-attack rate-interval 3600 average-rate 80 burst-rate 160
threat-detection rate fw-drop rate-interval 600 average-rate 400 burst-rate 1600
threat-detection rate fw-drop rate-interval 3600 average-rate 320 burst-rate 1280
threat-detection rate inspect-drop rate-interval 600 average-rate 400 burst-rate 1600
threat-detection rate inspect-drop rate-interval 3600 average-rate 320 burst-rate 1280
threat-detection rate interface-drop rate-interval 600 average-rate 2000 burst-rate 8000
threat-detection rate interface-drop rate-interval 3600 average-rate 1600 burst-rate 6400
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
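
An added example (not part of the original post or of any answer): a Python sketch that parses the %ASA-4-733100 message quoted in the question and finds the threat-detection rate line whose thresholds the message reports. The sample inputs are copied from the question; the mapping from the bracketed object name to the config keyword (Scanning to scanning-threat) is an assumption based on this one pair.

```python
import re

# Sample inputs copied from the log line and config quoted in the question.
SYSLOG = ("Nov 30 2017 15:42:42 ciscoasa : %ASA-4-733100: [ Scanning] drop rate-2 exceeded. "
          "Current burst rate is 2 per second, max configured rate is 8; "
          "Current average rate is 20 per second, max configured rate is 4; "
          "Cumulative total count is 74899")
CONFIG = """\
threat-detection rate scanning-threat rate-interval 600 average-rate 5 burst-rate 10
threat-detection rate scanning-threat rate-interval 3600 average-rate 4 burst-rate 8
threat-detection rate syn-attack rate-interval 600 average-rate 100 burst-rate 200
"""

MSG_RE = re.compile(
    r"%ASA-4-733100: \[\s*(?P<obj>[^\]]+?)\s*\] drop rate-(?P<rate_id>\d+) exceeded\. "
    r"Current burst rate is (?P<burst>\d+) per second, max configured rate is (?P<burst_max>\d+); "
    r"Current average rate is (?P<avg>\d+) per second, max configured rate is (?P<avg_max>\d+); "
    r"Cumulative total count is (?P<total>\d+)")
CFG_RE = re.compile(
    r"^threat-detection rate (?P<name>\S+) rate-interval (?P<interval>\d+) "
    r"average-rate (?P<avg_max>\d+) burst-rate (?P<burst_max>\d+)[ \t]*$", re.M)

def parse_733100(line):
    """Split a 733100 message into fields and list which rate is over its limit."""
    m = MSG_RE.search(line)
    if not m:
        return None
    fields = m.groupdict()
    ev = {k: int(v) for k, v in fields.items() if k != "obj"}
    ev["object"] = fields["obj"]
    ev["exceeded"] = [n for n in ("burst", "avg") if ev[n] > ev[n + "_max"]]
    return ev

def matching_config(ev, config):
    """Config lines whose average/burst limits equal those reported in the message."""
    # Assumption: the config keyword starts with the object name, spaces as hyphens.
    prefix = ev["object"].lower().replace(" ", "-")
    return [m.group(0).strip() for m in CFG_RE.finditer(config)
            if m.group("name").startswith(prefix)
            and int(m.group("avg_max")) == ev["avg_max"]
            and int(m.group("burst_max")) == ev["burst_max"]]

if __name__ == "__main__":
    event = parse_733100(SYSLOG)
    print(event)
    print(matching_config(event, CONFIG))
```

For the message in the question, the average rate (20 per second against a limit of 4) is the value over its threshold, and the reported limits match the 3600-second scanning-threat line.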
ASKER CERTIFIED SOLUTION
max_the_king
