DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
SysLog Results Interpretation
18 Jan 2011 12:39 #65705
by gcp
SysLog Results Interpretation was created by gcp
Hi all, I've been monitoring my syslog output for a while and I've noticed periods of time when there are tons of messages coming through, approximately 20 per second, all saying the same thing:
Virtual Server: 217.36.xxx.xxx:443 -> 192.168.222.3:443 (TCP)
Now the 217.36.xxx.xxx is my external static IP address and the 192.168.222.3 is my internal MS Exchange server.
These bouts of messages last for minutes at a time and the network generally seems to get slower during that time.
Is this normal?
19 Jan 2011 09:45 #65731
by voodle
Replied by voodle on topic SysLog Results Interpretation
It looks like syslog messages for port forwarding - port 443 would be your Exchange server's webmail interface.
19 Jan 2011 09:49 #65732
by gcp
Replied by gcp on topic SysLog Results Interpretation
Yes that is correct. But why so many do you think?
It seems to occur about 20 times a second for periods of about 1 to 3 minutes at a time. It does also seem to correspond with when an iPhone checks for mail. Is this normal?
The exchange server is hardly used that much if I am honest so I'm surprised by that amount of traffic.
19 Jan 2011 13:54 #65744
by voodle
Replied by voodle on topic SysLog Results Interpretation
If you look in the Diagnostics - NAT Session table on the router, you should see where that traffic is coming from. It could be that someone is attempting to log into it using brute force? With that many attempts, that's quite likely.
19 Jan 2011 18:04 #65746
by guyver
Replied by guyver on topic SysLog Results Interpretation
gcp wrote: "It seems to occur about 20 times a second for periods of about 1 to 3 minutes at a time. It does also seem to correspond with when an iPhone checks for mail. Is this normal?"
Yes that's quite normal. Exchange's ActiveSync technology works completely over HTTP/HTTPS and it is multiple requests to sync and transfer items back/forth so if you have the iPhone set to "Push" you'll be seeing this each time there is a new piece of mail or a calendar/contact item is altered etc.
If you look at the HTTP server log file on the Exchange server you should be able to see more information and you'll see all the different VERBs being sent from the mobile device (GET/POST/SUBSCRIBE/PROPFIND etc)
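One way to settle the brute-force versus ActiveSync question from the Exchange server's HTTP log, as an added example that is not part of the thread: it groups requests by client IP and reports the peak rate and the share of 401 responses. The log lines are constructed, and the field selection, the `/owa/` path and the `fail_ratio` threshold are assumptions.

```python
from collections import Counter, defaultdict

# Constructed sample in IIS W3C extended format; addresses are documentation ranges.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-username c-ip cs(User-Agent) sc-status
2011-01-19 09:45:01 OPTIONS /Microsoft-Server-ActiveSync alice 203.0.113.10 Apple-iPhone 200
2011-01-19 09:45:01 POST /Microsoft-Server-ActiveSync alice 203.0.113.10 Apple-iPhone 200
2011-01-19 09:45:02 POST /Microsoft-Server-ActiveSync alice 203.0.113.10 Apple-iPhone 200
2011-01-19 09:45:02 POST /owa/ - 198.51.100.7 - 401
2011-01-19 09:45:02 POST /owa/ - 198.51.100.7 - 401
2011-01-19 09:45:02 POST /owa/ - 198.51.100.7 - 401
2011-01-19 09:45:03 POST /owa/ - 198.51.100.7 - 401
"""

def summarize(log_text, fail_ratio=0.5):
    """Per client IP: request count, peak requests/second, 401 count, verdict."""
    fields, per_ip = [], defaultdict(list)
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            # The directive names the columns, so any field selection works.
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            row = dict(zip(fields, line.split()))
            per_ip[row["c-ip"]].append(row)
    report = {}
    for ip, rows in per_ip.items():
        per_second = Counter(r["date"] + " " + r["time"] for r in rows)
        denied = sum(r["sc-status"] == "401" for r in rows)
        sync = sum(r["cs-uri-stem"].lower() == "/microsoft-server-activesync"
                   for r in rows)
        # fail_ratio is an assumed threshold; some 401s are expected with
        # challenge-response authentication, so tune it to the server.
        if denied / len(rows) >= fail_ratio:
            verdict = "mostly 401: check for password guessing"
        elif sync == len(rows):
            verdict = "ActiveSync sync traffic"
        else:
            verdict = "mixed: review manually"
        report[ip] = {"requests": len(rows),
                      "peak_per_second": max(per_second.values()),
                      "denied": denied, "verdict": verdict}
    return report

if __name__ == "__main__":
    for ip, info in summarize(SAMPLE_LOG).items():
        print(ip, info)
```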
Moderators: Chris, Sami
Copyright © 2024 DrayTek