I currently have a FortiGate reporting events to Splunk through a TCP port: 601 (Reliable) and I am getting some weird events that look like the following:
RPY 0 0 . 0 52
Content-type: application/beep+xml
END
They look like some sort of configuration information. When I set up the FortiGate to send logs to a UDP port like 514, I receive data that is more understandable.
Does anybody know why the events look like this on a TCP port?