I have NXLOG installed, and use UDP to receive and sent the servers logs. However, when I run the netstat command I found that there are packets on error and other received through unknown ports. See the lines shown :



 123234944 packets received

223432 packets to unknown port received.

523455 packet receive errors

2111 packets sent

Why does it happen? I didn't configure any other port on my NXLOG and the firewall rules only accept 514 port to communicate with my NXLOG server.

How could I verify what is this? Is it normal?


Thank you very much for your help and answer





AskedNovember 22, 2016 - 2:15pm

Answer (1)

If there is nothing listening on the UDP port the kernel will count this towards "packets to unknown port received.",  i.e. there were 223432 packets dropped because NXLog wasn't running.