diff --git a/ansible/playbooks/drift-check.yml b/ansible/playbooks/drift-check.yml
index fdf8de0..aa8d776 100644
--- a/ansible/playbooks/drift-check.yml
+++ b/ansible/playbooks/drift-check.yml
@@ -14,7 +14,7 @@
         drifted_files: []
 
     # ─────────────────────────────────────────────────────────────────────────
-    # Compare rsyslog.conf content
+    # Compare rsyslog.conf content (with line ending normalization)
     # ─────────────────────────────────────────────────────────────────────────
     - name: Read Git rsyslog.conf
       slurp:
@@ -27,9 +27,23 @@
         src: "{{ rsyslog_main_config }}"
       register: server_main_conf
 
+    - name: Normalize line endings and compare rsyslog.conf
+      set_fact:
+        # Decode base64, normalize line endings (CRLF -> LF), compare
+        git_main_content: "{{ (git_main_conf.content | b64decode | replace('\r\n', '\n')) }}"
+        server_main_content: "{{ (server_main_conf.content | b64decode | replace('\r\n', '\n')) }}"
+
     - name: Check rsyslog.conf content match
       set_fact:
-        main_conf_match: "{{ git_main_conf.content == server_main_conf.content }}"
+        main_conf_match: "{{ git_main_content == server_main_content }}"
+
+    - name: Debug rsyslog.conf comparison
+      debug:
+        msg: |
+          Git rsyslog.conf size: {{ git_main_content | length }} chars
+          Server rsyslog.conf size: {{ server_main_content | length }} chars
+          Match: {{ main_conf_match }}
+      when: not main_conf_match
 
     - name: Mark drift if rsyslog.conf differs
       set_fact: