Lorsqu'ePO est configuré pour transmettre des événements à un récepteur syslog, trois copies de chaque événement sont transmises.
Si la journalisation de débogage (niveau de journalisation 8) est activée sur le serveur ePO, des messages similaires aux suivants sont enregistrés dans le fichier
EventParser_systemname.log (
<ePO installed folder>\DB\logs) :
20220614112238 X #04980 MFEFIPS mfefips_SSLSubSys.cpp(274): SSL callback, where = 0x00000010, ret = 1
20220614112238 X #04980 MFEFIPS mfefips_SSLSubSys.cpp(312): SSL_CB_HANDSHAKE_START
20220614112238 X #04980 MFEFIPS mfefips_SSLSubSys.cpp(274): SSL callback, where = 0x00001001, ret = 1
20220614112238 X #04980 MFEFIPS mfefips_SSLSubSys.cpp(282): SSL_CB_CONNECT_LOOP
20220614112238 X #04980 MFEFIPS mfefips_SSLSubSys.cpp(274): SSL callback, where = 0x00001001, ret = 1
20220614112239 X #04980 MFEFIPS mfefips_SSLSubSys.cpp(282): SSL_CB_CONNECT_LOOP
20220614112239 X #04980 MFEFIPS mfefips_SSLSubSys.cpp(291): SIO_getsockopt(2276, SO_RCVTIMEO ) returned 0, value=10000
20220614112239 X #04980 MFEFIPS mfefips_SSLSubSys.cpp(274): SSL callback, where = 0x00001001, ret = 1
20220614112239 X #04980 MFEFIPS mfefips_SSLSubSys.cpp(282): SSL_CB_CONNECT_LOOP
20220614112239 X #04980 MFEFIPS mfefips_SSLSubSys.cpp(291): SIO_getsockopt(2276, SO_RCVTIMEO ) returned 0, value=10000
20220614112239 X #04980 MFEFIPS mfefips_SSLSubSys.cpp(274): SSL callback, where = 0x00001001, ret = 1
20220614112239 X #04980 MFEFIPS mfefips_SSLSubSys.cpp(282): SSL_CB_CONNECT_LOOP
20220614112239 X #04980 MFEFIPS mfefips_SSLSubSys.cpp(291): SIO_getsockopt(2276, SO_RCVTIMEO ) returned 0, value=10000
20220614112239 X #04980 MFEFIPS mfefips_SSLSubSys.cpp(274): SSL callback, where = 0x00000020, ret = 1
20220614112239 X #04980 MFEFIPS mfefips_SSLSubSys.cpp(317*): SSL_CB_HANDSHAKE_DONE*
20220614112239 X #04980 MFEFIPS mfefips_SSLSubSys.cpp(323): SIO_setsockopt(2276, SO_RCVTIMEO, 0 ) returned 0
20220614112239 X #04980 MFEFIPS mfefips_SSLSubSys.cpp(274): SSL callback, where = 0x00001002, ret = 1
20220614112239 X #04980 MFEFIPS mfefips_SSLSubSys.cpp(197): ** Handshake success*
20220614112239 X #04980 MFEFIPS mfefips_SSLSubSys.cpp(241): Peer cert chain count: 1
==============================================================================================================
20220614112239 X #04980 MFEFIPS mfefips_SSLSubSys.cpp(409): Wrote 3201 SSL bytes, trying to write 3201 bytes to 10.10.10.100:6514
20220614112239 X #04980 MFEFIPS mfefips_SSLSubSys.cpp(151): Using cached connection for 10.10.10.100:6514
20220614112239 X #04980 MFEFIPS mfefips_SSLSubSys.cpp(409): Wrote 3201 SSL bytes, trying to write 3201 bytes to 10.10.10.100:6514
20220614112239 X #04980 MFEFIPS mfefips_SSLSubSys.cpp(151): Using cached connection for 10.10.10.100:6514
20220614112239 X #04980 MFEFIPS mfefips_SSLSubSys.cpp(409): Wrote 3201 SSL bytes, trying to write 3201 bytes to 10.10.10.100:6514
==============================================================================================================
The important part here is the same number of bytes are written three times to the same IP address in rapid succession. In the syslog system, three identical copies of the same event are recorded.
