Cisco ASA Series Firewall CLI Configuration Guide
Chapter 18 Threat Detection
Monitoring Threat Detection
1-hour ACL drop: 0 0 0 112
1-hour SYN attck: 5 0 2 21438
10-min Scanning: 0 0 29 193
1-hour Scanning: 106 0 10 384776
1-hour Bad pkts: 76 0 2 274690
10-min Firewall: 0 0 3 22
1-hour Firewall: 76 0 2 274844
10-min DoS attck: 0 0 0 6
1-hour DoS attck: 0 0 0 42
10-min Interface: 0 0 0 204
1-hour Interface: 88 0 0 318225
Monitoring Advanced Threat Detection Statistics
To monitor advanced threat detection statistics, use the commands shown in the following table. The
display output shows the following:
• The average rate in events/sec over fixed time periods.
• The current burst rate in events/sec over the last completed burst interval, which is 1/30th of the
  average rate interval or 10 seconds, whichever is larger.
• The number of times the rates were exceeded (for dropped traffic statistics only).
• The total number of events over the fixed time periods.
The ASA stores the count at the end of each burst period, for a total of 30 completed burst intervals. The
unfinished burst interval presently occurring is not included in the average rate. For example, if the
average rate interval is 20 minutes, then the burst interval is 20 seconds. If the last burst interval was
from 3:00:00 to 3:00:20, and you use the show command at 3:00:25, then the last 5 seconds are not
included in the output.
The only exception to this rule is if the number of events in the unfinished burst interval already exceeds
the number of events in the oldest burst interval (#1 of 30) when calculating the total events. In that case,
the ASA calculates the total events as the last 29 complete intervals, plus the events so far in the
unfinished burst interval. This exception lets you monitor a large increase in events in real time.
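The bookkeeping described above, modelled as an added example (not Cisco code and not ASA output). The names `burst_interval` and `RateWindow` are hypothetical, and applying the exception only once all 30 slots are filled is a modelling assumption; the 10-minute and 1-hour intervals are the ones that appear in the output above.

```python
from collections import deque

BURST_SLOTS = 30        # completed burst intervals kept, per the text
MIN_BURST_SECONDS = 10  # floor on the burst interval, per the text


def burst_interval(avg_interval_s):
    """1/30th of the average rate interval or 10 seconds, whichever is larger."""
    return max(avg_interval_s / BURST_SLOTS, MIN_BURST_SECONDS)


class RateWindow:
    """Hypothetical model of one statistic over one average rate interval."""

    def __init__(self, avg_interval_s):
        self.burst_s = burst_interval(avg_interval_s)
        self.completed = deque(maxlen=BURST_SLOTS)  # oldest count first
        self.unfinished = 0                         # events in the running burst

    def record(self, events=1):
        self.unfinished += events

    def close_burst(self):
        # The count is stored at the end of each burst period; the deque
        # discards the oldest slot once 30 are held.
        self.completed.append(self.unfinished)
        self.unfinished = 0

    def current_burst_rate(self):
        # Events/sec over the last completed burst interval.
        return self.completed[-1] / self.burst_s if self.completed else 0.0

    def total_events(self):
        done = list(self.completed)
        # Exception: if the unfinished burst already exceeds the oldest slot
        # (#1 of 30), count the last 29 complete intervals plus the events so far.
        # Assumption: this only applies once all 30 slots are filled.
        if len(done) == BURST_SLOTS and self.unfinished > done[0]:
            return sum(done[1:]) + self.unfinished
        return sum(done)


if __name__ == "__main__":
    for label, seconds in (("10-min", 600), ("1-hour", 3600)):
        print(label, "burst interval:", burst_interval(seconds), "s")
```
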
Command:
show threat-detection statistics [min-display-rate min_display_rate] top [[access-list | host | port-protocol] [rate-1 | rate-2 | rate-3] | tcp-intercept [all] detail]]

Purpose:
Displays the top 10 statistics. If you do not enter any options, the top 10
statistics are shown for all categories.
The min-display-rate min_display_rate argument limits the display to
statistics that exceed the minimum display rate in events per second. You
can set the min_display_rate between 0 and 2147483647.
The following rows explain the optional keywords.