56-9
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter56 Configuring Threat Detection
Configuring Advanced Threat Detection Statistics
Monitoring Advanced Threat Detection Statistics
The display output shows the following:
The average rate in events/sec over fixed time periods.
The current burst rate in events/sec over the last completed burst interval, which is 1/30th of the
average rate interval or 10 seconds, whichever is larger
The number of times the rates were exceeded (for dropped traffic statistics only)
The total number of events over the fixed time periods.
Step5 threat-detection statistics protocol [number-of-rate
{1 | 2 | 3}]
Example:
hostname(config)# threat-detection statistics
protocol number-of-rate 3
(Optional) Enables statistics for non-TCP/UDP IP
protocols.
The number-of-rate keyword sets the number of
rate intervals maintained for protocol statistics. The
default number of rate intervals is 1, which keeps the
memory usage low. To view more rate intervals, set
the value to 2 or 3. For example, if you set the value
to 3, then you view data for the last 1 hour, 8 hours,
and 24 hours. If you set this keyword to 1 (the
default), then only the shortest rate interval statistics
are maintained. If you set the value to 2, then the two
shortest intervals are maintained.
Step6 threat-detection statistics tcp-intercept
[rate-interval minutes] [burst-rate attacks_per_sec]
[average-rate attacks_per_sec]
Example:
hostname(config)# threat-detection statistics
tcp-intercept rate-interval 60 burst-rate 800
average-rate 600
(Optional) Enables statistics for attacks intercepted
by TCP Intercept (see the Chapter 53, “Configuring
Connection Settings,” to enable TCP Intercept).
The rate-interval keyword sets the size of the
history monitoring window, between 1 and 1440
minutes. The default is 30 minutes. During this
interval, the ASA samples the number of attacks 30
times.
The burst-rate keyword sets the threshold for
syslog message generation, between 25 and
2147483647. The default is 400 per second. When
the burst rate is exceeded, syslog message 733104 is
generated.
The average-rate keyword sets the average rate
threshold for syslog message generation, between
25 and 2147483647. The default is 200 per second.
When the average rate is exceeded, syslog message
733105 is generated.
Note This command is available in multiple
context mode.
Command Purpose