Me too, and so do many people who complained about the same thing on the GitHub page.
With TCP, each event is sent 10 times; with UDP it can be 100 times or more.
I believe the root cause is a logical error in how the Python script is written, as described here -
https://stackoverflow.com/questions/30740251/python-logging-module-handlers-sysloghandler-sending-multiple-lines-instea
But I didn't manage to fix it.
If anyone is a good Python scripter, some help would be nice.
------------------------------
Roee Sharon
RSECURE
------------------------------
Original Message:
Sent: 01-13-2021 20:49
From: Worachat Sarsa
Subject: SYSLOG sending from script found massively duplicated on SIEM or Log Receiver
I have this problem too.
------------------------------
Worachat Sarsa
Exclusive Networks TH
Original Message:
Sent: 01-12-2021 05:30
From: Piyapong Thongrith
Subject: SYSLOG sending from script found massively duplicated on SIEM or Log Receiver
Hi,
I have a problem with the latest version of the logger downloader, which has symptoms like "SYSLOG sending from script found massively duplicated on SIEM · Issue #20 · imperva/incapsula-logs-downloader".
My test result.
Configuration Settings.config
Incapsula log downloader save to local directory.
Log receiver.
Events duplicate around 3x - 10x.
I tested on TCP and UDP and both have the same issue.
PS. I did not find this issue with Python 2.7.
#CloudWAF(formerlyIncapsula)
------------------------------
Piyapong Thongrith
i-secure co., Ltd.
Bangkok
------------------------------
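One well-known way a Python script multiplies syslog output is by attaching a new `SysLogHandler` to the same logger on every call. The sketch below is an added example, not code from incapsula-logs-downloader and not a confirmed diagnosis of Issue #20; the function and logger names are hypothetical, the events are constructed, and a loopback UDP socket stands in for the log receiver.

```python
import logging
import logging.handlers
import socket

EVENTS = ["event-%d" % i for i in range(1, 5)]  # constructed sample events

def drain(sock):
    """Return every datagram queued on the stand-in receiver socket."""
    received = []
    while True:
        try:
            received.append(sock.recv(4096))
        except socket.timeout:
            return received

def send_event_buggy(name, address, message):
    # Each call attaches one more SysLogHandler to the same named logger,
    # so the Nth event leaves the host N times.
    logger = logging.getLogger(name)
    logger.setLevel(logging.INFO)
    logger.addHandler(logging.handlers.SysLogHandler(address=address))
    logger.info(message)

def send_event_fixed(name, address, message):
    # Attach the handler once; later calls reuse it.
    logger = logging.getLogger(name)
    logger.setLevel(logging.INFO)
    if not logger.handlers:
        logger.addHandler(logging.handlers.SysLogHandler(address=address))
    logger.info(message)

def count_datagrams(send_event, name, events=EVENTS):
    """Send each event once and count datagrams at a local UDP receiver."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)  # stand-in for the SIEM
    sock.bind(("127.0.0.1", 0))
    sock.settimeout(0.5)
    logger = logging.getLogger(name)
    try:
        for event in events:
            send_event(name, sock.getsockname(), event)
        return len(drain(sock))
    finally:
        for handler in list(logger.handlers):
            logger.removeHandler(handler)
            handler.close()
        sock.close()

if __name__ == "__main__":
    print("buggy:", count_datagrams(send_event_buggy, "demo.buggy"))
    print("fixed:", count_datagrams(send_event_fixed, "demo.fixed"))
```

Comparing the datagram count at the receiver with the number of events written to the local directory is a quick way to tell sender-side duplication from receiver-side duplication.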