Description
AppWall sends data to syslog servers via the MP proxy mechanism. On Apply, the UDP AppWall proxy listener for an existing syslog server is mistakenly duplicated in either of the following cases:
- The syslog server definition changes.
- /c/sys/syslog/proto is not set to UDP in the configuration before the Apply.
The larger number of connection listeners might cause the MP to spend more time checking whether there is new data to process.
Duplication of a specific listener can be detected with the following CLI debug command:
/maint/debug/connections/print listeners CONN_APPL_PROXY
If multiple MNG_UDP connections in the output have the same laddr/lport values, the listener is duplicated.
Affected Versions
32.4.x and later
Bug ID
AL-149538
Solution
Upgrade to a version that fixes the issue.
Workaround
Update the configuration so that /c/sys/syslog/proto does not have a non-UDP value.
For example:
/c/sys/syslog
hst1 10.5.6.7 6 0 all 514 inherit
hst2 10.5.6.8 6 0 all 5069 inherit
hst3 10.5.6.9 6 0 all 5072 inherit
hst4 10.5.6.10 6 0 all 5072 inherit
proto tcp
should be changed to:
/c/sys/syslog
hst1 10.5.6.7 6 0 all 514 tcp
hst2 10.5.6.8 6 0 all 5069 tcp
hst3 10.5.6.9 6 0 all 5072 tcp
hst4 10.5.6.10 6 0 all 5072 tcp
proto udp
If MP CPU utilization is already high, reboot the device in addition to making the above configuration changes, to clear the duplicated listeners.
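The configuration change above can be applied to a saved configuration dump before import. The script below is an added example, not vendor code. It assumes, based only on the sample shown in this article, that the last field of each hstN line is the per-host protocol and that `inherit` means the host uses /c/sys/syslog/proto; the function names are hypothetical.

```python
import re

# Constructed sample: the "before" block from the workaround above.
SAMPLE = """\
/c/sys/syslog
hst1 10.5.6.7 6 0 all 514 inherit
hst2 10.5.6.8 6 0 all 5069 inherit
hst3 10.5.6.9 6 0 all 5072 inherit
hst4 10.5.6.10 6 0 all 5072 inherit
proto tcp
"""

# Assumption from the article's sample: the per-host protocol is the last field.
HOST = re.compile(r"^(\s*hst\d+\s.*\s)inherit\s*$")
PROTO = re.compile(r"^(\s*proto\s+)(\S+)\s*$")


def apply_workaround(text):
    """Rewrite every /c/sys/syslog block in a config dump; return (text, changed)."""
    lines, changed, start = text.splitlines(), False, None
    for idx in range(len(lines) + 1):
        # A block ends at the next menu path (a line starting with "/") or at EOF.
        if idx < len(lines) and not lines[idx].lstrip().startswith("/"):
            continue
        if start is not None:
            changed |= _fix_block(lines, start + 1, idx)
        in_syslog = idx < len(lines) and lines[idx].strip() == "/c/sys/syslog"
        start = idx if in_syslog else None
    return "\n".join(lines) + "\n", changed


def _fix_block(lines, lo, hi):
    """Pin inheriting hosts to the old global protocol, then set proto to udp."""
    proto_idx = next((i for i in range(lo, hi) if PROTO.match(lines[i])), None)
    if proto_idx is None:
        return False  # no explicit proto line: leave the block untouched
    match = PROTO.match(lines[proto_idx])
    old_proto = match.group(2)
    if old_proto.lower() == "udp":
        return False  # already in the state the workaround asks for
    for i in range(lo, hi):
        host = HOST.match(lines[i])
        if host:
            lines[i] = host.group(1) + old_proto  # keep the host's effective protocol
    lines[proto_idx] = match.group(1) + "udp"
    return True
```

Hosts that already carry an explicit protocol are left unchanged, and a block whose proto is already udp is reported as not needing the change.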
ETA for fix
The fix is scheduled to be available in the following releases:
- 34.5.3.0
- 33.5.12.0
- 33.0.16.0
- 34.0.8.0
- 32.4.22.0
- 32.6.20.0