Hi,
The syslog traffic maybe legit or something that can be controlled in your network. But I am more interested in the second one - ICMP type-11 Code-0 traffic from 1src to 1 destination, consuming 11.2% of total CPU traffic volume does not look right.
Type-11 Code-0 is ICMP TTL expired notification and should be very low volume normally.
Not to cause panic, but this might be a DOS attack, commonly labelled as 'TTL Expiry Attack'.
If 60.9.185.16 is unknown, I'd say it is better to have it blacklisted first.