1.0.0.127 UDP 514 Traffic
Begging for help here...
I am an IT Security Specialist, not a LINUX specialist, and I hope one of you gurus can help me out.
I am seeing a lot of traffic on our network that is coming from various Linux servers going to 1.0.0.127 UDP port 514, and I have no idea what it is. I know 514 is SYSLOG and 1.0.0.127 is a reverse-dns for the local host, but nobody in our enterprise can explain the traffic. I did a packet capture and it shows the packets with "autotrace[5625]: E: procname: cannot op" in the SYSLOG portion of the packet. Any ideas?