Hello Sean,
The root interface is like the localhost.
I would think the logs are due to invalid packets, but not 100% sure.
They could be logged if you have " set other-traffic" enabled under " config log fortianalyzer filter" (see also http://kb.fortinet.com/kb/documentLink.do?externalID=11743).
For more certitude, a sniffer trace with a filter would help to confirm this :
<< diag sniff packet any " host a.b.c.d or 10.0.0.15" 6 >> (stop sniffer with CTRL+C).
A conversion into a .cap would help to analyze the packets (see Perl script in http://kb.fortinet.com/kb/documentLink.do?externalID=11186).
Hope this helps.
Remi.
Remi Metzger - PS Consultant EMEA