Monitoring advanced threat detection statistics – Cisco ASA 5505 User Manual


Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 56 Configuring Threat Detection

Configuring Advanced Threat Detection Statistics

Step 5

Command:
threat-detection statistics protocol [number-of-rate {1 | 2 | 3}]

Example:
hostname(config)# threat-detection statistics protocol number-of-rate 3

Purpose:
(Optional) Enables statistics for non-TCP/UDP IP protocols.

The number-of-rate keyword sets the number of rate intervals maintained for protocol statistics. The default number of rate intervals is 1, which keeps the memory usage low. To view more rate intervals, set the value to 2 or 3. For example, if you set the value to 3, then you view data for the last 1 hour, 8 hours, and 24 hours. If you set this keyword to 1 (the default), then only the shortest rate interval statistics are maintained. If you set the value to 2, then the two shortest intervals are maintained.

Step 6

Command:
threat-detection statistics tcp-intercept [rate-interval minutes] [burst-rate attacks_per_sec] [average-rate attacks_per_sec]

Example:
hostname(config)# threat-detection statistics tcp-intercept rate-interval 60 burst-rate 800 average-rate 600

Purpose:
(Optional) Enables statistics for attacks intercepted by TCP Intercept (see Chapter 53, “Configuring Connection Settings,” to enable TCP Intercept).

The rate-interval keyword sets the size of the history monitoring window, between 1 and 1440 minutes. The default is 30 minutes. During this interval, the ASA samples the number of attacks 30 times.

The burst-rate keyword sets the threshold for syslog message generation, between 25 and 2147483647. The default is 400 per second. When the burst rate is exceeded, syslog message 733104 is generated.

The average-rate keyword sets the average rate threshold for syslog message generation, between 25 and 2147483647. The default is 200 per second. When the average rate is exceeded, syslog message 733105 is generated.

Note: This command is available in multiple context mode.

Monitoring Advanced Threat Detection Statistics

The display output shows the following:

• The average rate in events/sec over fixed time periods.

• The current burst rate in events/sec over the last completed burst interval, which is 1/30th of the average rate interval or 10 seconds, whichever is larger.

• The number of times the rates were exceeded (for dropped traffic statistics only).

• The total number of events over the fixed time periods.
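The following Python sketch is an added example, not code from the Cisco guide: it models the burst-interval rule from the display-output list and the Step 6 tcp-intercept thresholds, and reports which syslog message IDs a constructed series of attack counts would be expected to trigger. The class and function names are hypothetical, and it assumes rates are evaluated once per completed burst interval; the ASA's internal sampling may differ.

```python
# Added example: simplified model of the thresholds described on this page.
# Not Cisco's implementation; class and function names are hypothetical.
from dataclasses import dataclass

SYSLOG_BURST = 733104    # generated when the burst rate is exceeded
SYSLOG_AVERAGE = 733105  # generated when the average rate is exceeded


@dataclass(frozen=True)
class TcpInterceptStats:
    rate_interval_min: int = 30  # default from the page
    burst_rate: int = 400        # default, attacks/sec
    average_rate: int = 200      # default, attacks/sec

    def __post_init__(self):
        if not 1 <= self.rate_interval_min <= 1440:
            raise ValueError("rate-interval must be 1-1440 minutes")
        for name in ("burst_rate", "average_rate"):
            if not 25 <= getattr(self, name) <= 2147483647:
                raise ValueError(f"{name} must be 25-2147483647")

    @property
    def burst_interval_sec(self):
        # 1/30th of the rate interval or 10 seconds, whichever is larger
        return max(self.rate_interval_min * 60 / 30, 10)

    @property
    def samples_per_window(self):
        # 30 samples unless the 10-second floor leaves room for fewer
        return int(self.rate_interval_min * 60 // self.burst_interval_sec)


def expected_syslogs(cfg, counts):
    """counts: attacks per completed burst interval, oldest first (non-empty).
    Returns (burst_rate, average_rate, syslog_ids) at the newest sample."""
    if not counts:
        raise ValueError("need at least one completed burst interval")
    window = counts[-cfg.samples_per_window:]
    burst = window[-1] / cfg.burst_interval_sec
    average = sum(window) / (len(window) * cfg.burst_interval_sec)
    ids = []
    if burst > cfg.burst_rate:
        ids.append(SYSLOG_BURST)
    if average > cfg.average_rate:
        ids.append(SYSLOG_AVERAGE)
    return burst, average, ids


# Constructed sample using the page's example thresholds (60 min, 800, 600).
cfg = TcpInterceptStats(rate_interval_min=60, burst_rate=800, average_rate=600)
spike = [60_000] * 29 + [120_000]  # steady 500/s, then one 1000/s interval
print(expected_syslogs(cfg, spike))
```

With the constructed spike, only the burst threshold is crossed, which is why a short flood can produce 733104 without 733105; a sustained rate between the two thresholds produces the reverse.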
