Excessive traffic on port 514 from loop back

Report Inappropriate Content · ‎11-22-2006

Hi I am seeing a lot of traffic from 127.0.0.1 to 127.0.0.1 on port 514. As this port is usually syslog rec' v port, or RSH this seems rather strange. At least 100 connections most of the time. Can anyone explain? Thanks.

Fireshield · ‎11-22-2006

Do you somehow have itself as the syslog or FortiAnalyzer?

FCSE > FCNSP 2.8 > FCNSP 3.0 (Former) FCT

Report Inappropriate Content · ‎11-22-2006

No, under Log Settings, both Syslog and FortiAnalyzer are unchecked.

Report Inappropriate Content · ‎11-22-2006

I assume you' re logging to internal memory of the FG unit, hence the traffic.

Fireshield · ‎11-22-2006

I just checked 3 of our boxes that are logging to memory and none of them have sessions like this, 2.8 or 3.0. Tried the session tables and packet sniffer.

FCSE > FCNSP 2.8 > FCNSP 3.0 (Former) FCT

Report Inappropriate Content · ‎11-22-2006

Yes, I am logging to the internal memory. I run Fortigate-60 3.00,build0318,060630. Still seems strange that internal logging sends syslog packets to itself.

Report Inappropriate Content · ‎11-22-2006

Just remove logging to internal memery. You' ll see the traffic disappear. It' s not that strange though

Report Inappropriate Content · ‎11-22-2006

By the way, it' s better to log to an external box (FortiAnalyser, or syslog server (kiwi deamon?) It will not disappear at reboot and more importantly reduce the memory load on the FG. esp. on small models. 50A & 60.

Excessive traffic on port 514 from loop back

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website