반품
-
제목
Syslog-ng Reprocessing Ansible Proofpoint Log File -
설명
When using Ansible Proofpoint logging, log files are reprocessed in their entirety whenever new logs are written to the log file. (All logs are resent, not just the new logs). -
원인
Ansible Proofpoint, when logging, creates a temporary log file from the existing log file which it then writes the new logs into. Once that file is complete, the current log file is then overwritten from the temporary file Ansible creates.
As this file is technically a new file with a new inode, Syslog-ng sees this as a completely new log and processes the entire file which will contain previous log entries that may have already been processed through Syslog-ng PE.
This is a limitation of Ansible. Please consult Ansible support for more information. -
해결 방안
There are two workarounds, please see below:
1.) Use log rotate to rotate the file out once Syslog-ng PE has processed the log file so only new logs are written and processed through Syslog-ng.
2.) Have Ansible create a new log file without capturing the old logs and using a wildcard in the file() and/or wildcard-file() source only that new log file would be processed.
There is no resolution to this as this is a limitation of Ansible Proofpoint.