Cisco Firewall :: Monitoring Threat-detection Statistics On ASA 8.3
Apr 15, 2012
I am interested in gathering cumulative threat-detection statistics from an ASA running 8.3, and displaying number of attacks over time. I am already capturing traffic information via netflow, but am interested in getting threat information.
Is there a way to capture the statistics via SNMP or any other method?
Dec 29, 2012
We have a 5585X running in multi context mode, and we are getting log entries for scanning threat detection, such as:
%ASA-4-733100: [ Scanning] drop rate-1 exceeded. Current burst rate is 2 per second, max configured rate is 10; Current average rate is 5 per second, max configured rate is 5; Cumulative total count is 3116
Threat detection is not supported in multi context mode, so I cannot tune the thresholds. Is there any way that I can get rid of this outside of messing about with logging levels/message IDs?
Jul 17, 2011
Can threat detection provoke frequent disconnections on allowed traffic? We are using an ASA 5520 with 8.3.1 IOS. For instance, in ASDM we see SYN attack messages. The source IP address corresponds to an external host (in the outside interface) which is allowed to connect to internal servers (in the internal interfaces).
Our threat conf is as follows:
threat-detection rate dos-drop rate-interval 600 average-rate 100 burst-rate 400
threat-detection rate dos-drop rate-interval 3600 average-rate 80 burst-rate 320
threat-detection rate bad-packet-drop rate-interval 600 average-rate 100 burst-rate 400
threat-detection rate bad-packet-drop rate-interval 3600 average-rate 80 burst-rate 320
threat-detection rate acl-drop rate-interval 600 average-rate 400 burst-rate 800
threat-detection rate acl-drop rate-interval 3600 average-rate 320 burst-rate 640
[code]....
Sep 27, 2011
Is there any good freeware software for network workload performance reporting (i.e. monitoring, statistics, etc.)?
Mar 28, 2013
We use Cacti to get interface statistics of an ASR1002 router (version 03.04.02.S.151-3.S2). A new GRE tunnel has been created, but unfortunately we are not able to get basic interface averages during the day. What is surprising is the fact that the graphs are built at night only.
It seems that as soon as we exceed some level of bandwidth (~700-800k) the tool does not get the information. The OIDs I try to get are ifHCInOctets (.1.3.6.1.2.1.31.1.1.1.6) and ifHCOutOctets (.1.3.6.1.2.1.31.1.1.1.10) and some other interface statistics for both 64 and 32 bits. [code]
Sep 13, 2011
I have a remote site in which a site-to-site VPN is configured with the hub site using a 5510 model. Now I am using a load balancer in which 2 ISPs will terminate: one is Sify and the other is Reliance. Suppose the IPsec tunnel is configured as primary with Sify. If the Sify link fails at the hub site, should the remote site be able to communicate with Reliance, which is the secondary?
Sep 7, 2011
How can I actively monitor the interfaces and overall status of 2 x ASA 5500s in an Active/Standby configuration?
I can set up monitoring of the interfaces on the Active member, but I'm not sure how to manage the Standby member.
Sep 25, 2011
Is there a way I can generate bandwidth reports on a Cisco PIX 535?
Dec 20, 2011
How do I configure IP SLA monitoring on ASA ver 7.0(6)?
Mar 5, 2012
I have an ASA 5500 Firewall. I need to figure out how to log all events using Port 25 to determine if there are any rogue devices on our network. I was trying to figure out how to do this via the Real-Time Monitoring (filter) but have had no success.
Jan 10, 2011
I am new to the PIX firewall and recently implemented the PIX 506e in my network. I want to know how we can monitor the system that is generating the most traffic on the network through the firewall.
Jul 25, 2011
I have a question regarding failover monitoring on the ASA5505 in an active/standby configuration.
I understand that on the 5505 you create VLAN interfaces and then assign the VLANs to the 5505 switchports. With failover configured on the 5505, the VLAN interface names are monitored. For example, VLAN 100 interface named Inside is assigned to ethernet0/1, switchport mode access. When issuing a show failover command, the output will show the monitor status of interface Inside.
Does failover monitor the VLAN virtual interface only? Does failover also monitor the link status of the ethernet0/1 switchport?
Oct 22, 2012
We have one pair of Cisco ASA 5505s located in different locations, and there are two point-to-point links between those two locations, one for the primary link (static route w/ low metric) and the other for backup (static route w/ high metric). The tracked option is enabled for monitoring the state of the primary route. The detailed parameters of the options are as below:
Frequency: 30 seconds
Data Size: 28 bytes
Threshold: 3000 milliseconds
Tos: 0
Time out: 3000 milliseconds
Number of Packets: 8
[code]....
I'm not sure if the setting is so sensitive that the secondary static route begins to work right away, even when some small link flaps occur. What is the best practice for setting those parameters up in the production environment? How can we specify reasonable monitoring options to fit our needs?
Mar 27, 2008
I am trying to monitor my ASA 5505. This ASA is connected via an IPsec tunnel to our network. I have no problems with SNMP monitoring of devices behind the ASA, but when trying to monitor the ASA itself I do not get an SNMP response.
Jan 10, 2012
What are considered the best practices for monitoring ASAs, specifically the 5510 with Sec+ License?
My current monitoring application keeps reporting issues with outbound interface buffers being too high, but there are not any performance issues and I believe the thresholds are just set absurdly low.
Jan 30, 2013
I have a couple of ASA 5510s in Active/Failover configuration. The failover LAN is configured on management0/0 and the ASAs are connected with a back-to-back direct cable.
The ASA has an interface in access mode inside with a standby IP address, and show failover is compliant with the expected result (Normal).
ASA-PRIMARY# sh failover
Failover On
Failover unit Primary
Failover LAN Interface: LANfailover Management0/0 (up)
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy
[Code]....
May 21, 2013
We are using MS System Center Operations Manager to monitor network devices. We are trying to monitor our Cisco ASA 5525-X firewall interfaces.
We have a generic management pack installed that seems to work for parts of the 5525. We can see performance info for IF-4 but none of the other interfaces.
Our Management Pack is a generic Cisco Adaptive Security Appliance Version 9.1(1) management pack.
Is there a management pack that is specifically for this Cisco firewall?
Jan 25, 2011
I have a 5520 ASA running 8.2(1) and ASDM 6.2(1). The ASA has been running for 223 days without issue. Today it stopped showing real time status on the Device Dashboard from within ASDM. All of the graphs state "Lost connection to Firewall." I try to manually reconnect but it will not. I have tried on a couple of different computers and cannot get the monitoring connection to work. It is a very busy firewall and I will have to schedule a restart (which I was thinking of doing) even though I do not see a memory issue as per snip below. I don't want to restart unless it is the best option.
Dec 3, 2012
LENOVO G580 - i5, 4GB RAM, 500GB hard disk, network adapters - Atheros AR8162 PCIe Fast Ethernet controller, Broadcom 802.11n network adapter. I am using Quick Heal Total Security for total antivirus protection. My problem is that whenever I connect my laptop to my desktop using a D-Link crossover cable, the connection establishes successfully, but on browsing or copying data the system gives a BSOD error. Initially I didn't have a clue as to what causes the error, but then I figured out that uninstalling Quick Heal solves the problem and reinstalling it causes the same problem again. I've tried using different versions/products of Quick Heal but all end up generating a blue screen error. Not only this, whenever I use software that has something to do with the network, like monitoring application-wise bandwidth or something, it also ends up in a BSOD.
May 1, 2012
I am using an ASA 5510 firewall and I have established VPN tunnels too. Now I want to monitor the bandwidth utilization. I have installed the PRTG Monitor application and want to add the firewall. How do I enable SNMP on the ASA?
Apr 4, 2013
I'm currently implementing Microsoft System Center 2012 Operations Manager. The current stage of the project is to add the network devices to SCOM via SNMP in order to monitor them. I am able to add them all and monitor them; however, although SCOM discovers my ASA 5510 via SNMP and adds it to the network monitoring list, it loses SNMP connectivity every 30 minutes, and 15 minutes later it reconnects with SCOM, then after another 15 minutes it loses the connection again, and so on and so forth.
Sep 18, 2012
I have such input data:
2xN7K-C7010 - Nexus7000 C7010 (10 Slot) Chassis
2xN7K-M132XP-12 - 32x10Gbps
NX-OS version 6.1(1)
I have the QoS feature enabled (by default) on them:
N7k# show policy-map interface brief
Interface/VLAN [Status]:INP QOS OUT QOS INP QUE OUT QUE
================================================================================
port-channel1 [Active]: default-in-po default-out-p
port-channel2 [Active]: default-in-po default-out-p
port-channel10 [Active]: default-in-po default-out-p
Ethernet1/1 [Active]: default-in-po default-out-p
[code]....
Apr 28, 2013
I have recently installed Prime LMS 1.3 and added several switches to be managed. Is there at this moment a possibility to display port statistics and network statistics for the wired part of the network? I am used to working with LMS, but features like the topology view with bandwidth usage are not yet integrated in Prime Infra, it seems. Is there anything to monitor the wired network in Prime Infra 1.3?
Sep 11, 2012
When using "show mls statistics" I see a lot of packets are getting L3 Processed. Does that mean they are getting software-forwarded?
IOS is 12.2(33)SXI5.
Cat6k#show mls statistics
Statistics for Earl in Module 5
L2 Forwarding Engine
[Code]....
Feb 23, 2013
How can I reset the port statistics on the RV180 router without rebooting the router? I have the latest firmware.
Sep 19, 2012
Understanding of "mls qos interface stat"
I took a switch and connected it to my LAN. The switch is a 2960 with LanBase image and PoE. On it I have 3 interfaces in up state: 2 interfaces with Cisco phones (6921 and 9951) and 1 interface as uplink.
Here is its configuration:
interface FastEthernet0/1
switchport mode access
switchport voice vlan 555
[Code].....
Mar 6, 2012
I have a little problem... I want to see the maximum TCP connections that I had on my Cisco. I tried using show ip statistics but it's not working. I have a Cisco Catalyst 3750G (WS-C3750G-48TS)
IOS -> Version 12.2(52)SE, RELEASE SOFTWARE (fc3)
Aug 7, 2011
I'm running v4.3.5 in our WAAS environment. At the CLI of one of our 7341 WAEs, there are several connections that show up [code] However, in the Central Manager nothing shows up - not even empty graphs - when I click on a device and go to monitor/connections statistics. After a few minutes, I do get an error message that states "Error retrieving connection stats. Please ensure that the device is online and then refresh." By the way, I get all other statistics in the GUI such as Optimization Details Report, Traffic Summary Report, etc. Another thing, these WAEs are behind a router and supposedly the ports to allow access to/from the WAEs and other data are allowed through the firewall.
Is there some special port that needs to be opened on the firewall to allow for 'connection statistics' information displayed, that doesn't need to be opened for the other statistics to display? Or could this be a bug in the software?
Oct 11, 2012
I have the Cisco EPC3825 EuroDocsis 3.0 Gateway and I cannot get statistics from this modem via SNMP. I use snmpwalk. Nothing was found in the settings of the device.
Feb 7, 2013
Region : India
Model : TL-WR740N
Hardware Version : V4
Firmware Version : 3.12.11 Build 120320 Rel.51047n
ISP : BSNL
How can I get a graph of the router statistics like upload and download speeds - both total and per device? Something like MRTG. The closest I came to getting data from the router was with RouterStats-Lite, but I was unable to get it to work.
Jul 25, 2012
I have users connected to a 2960-S running 12.2(53r)SE complaining of a slow network, specifically Internet performance, while the upstream 2960 on the same VLAN has no such issues, so I don't suspect link congestion on the face of things. I'm planning on upgrading the code, but wanted to see what could be checked first. I'm seeing some drops but could use some tips on how to proceed from here as to what might be the issue. CPU is under 10% whenever I check it.
Jun 17, 2009
How can I clear the counters of the policy-map statistics in a 7600 and the 1841 router?
Oct 16, 2012
The WLC 4404 presents these logs:
*osapiReaper: Oct 02 14:55:11.152: %OSAPI-3-FILE_OPEN_FAILED: osapi_file.c:370 Failed to open the file : /proc/927/stat.(erno 24)
*osapiReaper: Oct 02 14:55:11.152: %OSAPI-3-TASK_GETTIME_FAILED: osapi_task.c:3431 Failed to retrieve statistics (/proc/<pid>/stats) for task 'gccp_t'
*osapiReaper: Oct 02 14:55:11.152: %OSAPI-3-FILE_OPEN_FAILED: osapi_file.c:370 Failed to open the file : /proc/926/stat.(erno 24)(code )
When it presents these logs, the device presents these symptoms:
Lost GUI session
Lost console connection
Lost SSH and Telnet connection
The WLC 4404 does not work; it is stopped