Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[STRM/JSA] Log sources are getting ICMP messages from the Event Processor

0

0

Article ID: KB34701 KB Last Updated: 29 Jun 2019Version: 1.0
Summary:

Port unreachable messages are expected when ECS is not running or port 514 is not open. As a result, JSA will send ICMP messages to the syslog log source with port unreachable as per RFC specification.

Symptoms:

ICMP messages are recieved on the log sources that are sourcing from a JSA appliance.

Cause:

When Event Collection Server (ECS) is down, JSA sends ICMP messages of port unreachable to the syslog sources. If there are enough log sources with a high rate, every event sent could trigger an ICMP port unreachable message for port 514 from the JSA appliance.

Solution:

Ensure that port 514 is open and that ECS is running on the JSA appliances.  Contact your JTAC representative if you are unable to determine the cause of ECS not running.

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search