Howto Copy Log Files using rsync




Contents

  • 1 Configure rsync daemon( at rsyslog server )
    • 1.1 rsyncd.conf
    • 1.2 rsyncd.secret (optional)
    • 1.3 run the rsync daemon
  • 2 rsync client ( at splunk server )
  • 3 create schedules to run rsync using cron

Configure rsync daemon( at rsyslog server )


rsyncd.conf

create file rsyncd.conf at /etc/ with this content
max connections = 2
log file = /var/log/rsync.log
timeout = 300
[rsyslog]
comment = Copy rsyslog Log file for splunk
path = /var/log/rsyslog
read only = yes
list = yes
uid = nobody
gid = nobody
# auth users = root
# secrets file = /etc/rsyncd.secrets
# host allow = 192.168.0.200

rsyncd.secret (optional)

just unmark the # at rsyncd.conf to activate the secret file
root:PLa1nr0otP4s$wOrd

run the rsync daemon

#rsync --daemon --config=/etc/rsyncd.conf

rsync client ( at splunk server )

run this command for copy the log file
#rsync -avuzP rsync://192.168.0.3/rsyslog /var/log/rsyslog

create schedules to run rsync using cron

PATH=/sbin:/bin:/usr/sbin:/usr/bin
5 * * * * /usr/bin/rsync -avuzP rsync://192.168.0.3/rsyslog /var/log/rsyslog

Comments

Popular posts from this blog

authentication failure using SSH pam_unix(sshd:auth): authentication failure;

Howto configure SPLUNK Universal Forwarder

openvpn howto make OCSP server using OpenSSL [Part2]