PSA: Check your VA flatcar version, check if logs are getting rotated

Dear Community,

It seems that multiple clients have issues where the VA doesn’t have an up to date flatcar installation (old version of kernel/docker etc). You can check the version using less /etc/os-release.

Latest stable flatcar releases are (according to Releases | Flatcar Container Linux ):

  • 3815.2.0 (Feb 2024)
  • 3760.2.0 (Jan 2024)
  • 3602.2.3 (Dec 2023)

If you are not using at least on of these version, you may want to contact SailPoint Support to see why the update of the base operating system doesn’t work.

Another issue that you may be affected by (but which may not really matter to you), is that log rotation isn’t working.
Check which files you have on the VA under /home/sailpoint/log: are they huge? Should they have been rotated by now? Contact support as rotation may not be enabled…

Best regards,


Thanks Andrei.
Do you know if Sailpoint VA(flatcar) releases and updates follow the Official Flatcar release-schedule?
And is there somewhere SailPoint announces these updates?


Thanks for mentioning this. A Client just brought up today that their Logs are not rotating and saving the backup as expected based on KB0011188.

I have advised them to contact Support, but is there anything they can check in the short term? Since the backups are not being saved, they are unable to get accurate logs for debugging.

Hi @mkjn1, I don’t think they follow the official Flatcar releases automatically. I don’t know when they decide to update to a newer version, and if they skip some versions.

I believe:

  • they should make this process more transparent, as we are talking about security updates
  • they should have an automatic check of the version installed and notify you (email/ISC interface), if the version is stuck to an older version

Just for reference, deleting the machine-id and triggering another update managed to update from a Flatcar version from beginning of 2023 to a version from January 2024.

From support:

I have asked them "When will the versions 3815.2.0 (from February) and 3815.2.1 (from March) be installed? 29 days ago, but of course I only get the

To update you that I am still working on the same with the DevOps team and will update you as soon as we get something concrete on it.

Best regards,

They may try to enable the logrotate.timer. It was not possible to execute this command on the VA, but after an update I was able to execute it. I hope/guess they rolled the change to everyone.

sailpoint@va ~ $ sudo systemctl enable logrotate.timer 
Created symlink /etc/systemd/system/ → /usr/lib/systemd/system/logrotate.timer. 

Thanks, I’ll have to look. The file is getting rotated, but the previous one is not saved anywhere, making it difficult to debug issues near when it rolls over. Support said that the KB Article I referenced above was actually incorrect (and has since been updated) in stating the logs will be backed up locally.

So what I am looking for is a way to get the current CCG.log file, and at least the one previous to it so we can better review issues. I am not sure if updating the log4j2 file referenced in the logging document also allows for updates to the log configuration, or only the loggers.

This means the file is overwritten, not that it gets rotated.
The rotation happens outside of Log4j/CCG Java code, there is a systemd task triggered by the logrotate.timer.

@adamian I am seeing the LogRotate in my Test Environment VA, but when I look at the sailpoint configuration in “/etc/logrotate.d/sailpoint”, they have it set to “rotate 0” and the prerotate task is set to truncate the log file. We are unable to edit this file also as it is set to read-only.