Howto Copy Log Files using rsync

Configure rsync daemon (at rsyslog server)

rsyncd.conf

Create the file /etc/rsyncd.conf with this content:
max connections = 2
log file = /var/log/rsync.log
timeout = 300
[rsyslog]
comment = Copy rsyslog Log file for splunk
path = /var/log/rsyslog
read only = yes
list = yes
uid = nobody
gid = nobody
# auth users = root
# secrets file = /etc/rsyncd.secrets
# hosts allow = 192.168.0.200

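rsyncd.secrets (optional)

To activate the secrets file, remove the # from the auth users and secrets file lines in rsyncd.conf, then create /etc/rsyncd.secrets with one user:password pair per line. The file must not be readable by other users (for example mode 600), or the daemon will refuse to use it under its default strict modes setting.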
root:PLa1nr0otP4s$wOrd
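
With auth users and hosts allow left commented out, the [rsyslog] module can be read anonymously by any host that can reach the daemon. The shell function below is an added example, not part of the original howto: it reports, for each module in an rsyncd.conf, whether at least one of those two settings is active. The sample configuration is constructed, the module name rsyslog-auth is hypothetical, and hosts deny is not considered.

```shell
# Added example: print "<module> open" when a module has neither "auth users"
# nor "hosts allow" set (in the module or globally), else "<module> restricted".
audit_rsyncd_conf() {
    awk '
        function report() {
            if (module != "") print module, ((auth || hosts) ? "restricted" : "open")
        }
        /^[ \t]*(#|$)/ { next }                  # comments and blank lines
        /^[ \t]*\[/ {                            # start of a [module] section
            report()
            module = $0
            sub(/^[ \t]*\[/, "", module); sub(/\].*$/, "", module)
            auth = g_auth; hosts = g_hosts       # inherit global settings
            next
        }
        index($0, "=") {                         # name = value line
            eq = index($0, "=")
            key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
            val = substr($0, eq + 1);             gsub(/^[ \t]+|[ \t]+$/, "", val)
            set = (val != "")
            if (key == "authusers")  { if (module == "") g_auth = set;  else auth = set }
            if (key == "hostsallow") { if (module == "") g_hosts = set; else hosts = set }
        }
        END { report() }
    ' "$@"
}

# Constructed sample: the howto module as shipped, plus a locked-down variant.
sample_conf() {
    cat <<'EOF'
max connections = 2
[rsyslog]
path = /var/log/rsyslog
read only = yes
# auth users = root
# hosts allow = 192.168.0.200
[rsyslog-auth]
path = /var/log/rsyslog
read only = yes
auth users = root
secrets file = /etc/rsyncd.secrets
hosts allow = 192.168.0.200
EOF
}

sample_conf | audit_rsyncd_conf
```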

Run the rsync daemon

#rsync --daemon --config=/etc/rsyncd.conf

rsync client (at splunk server)

Run this command to copy the log files:
#rsync -avuzP rsync://192.168.0.3/rsyslog /var/log/rsyslog

Schedule rsync to run using cron

PATH=/sbin:/bin:/usr/sbin:/usr/bin
5 * * * * /usr/bin/rsync -avuzP rsync://192.168.0.3/rsyslog /var/log/rsyslog

Firewall Issue

The daemon needs TCP port 873 open:
#iptables -I INPUT -p tcp --dport 873 -j ACCEPT
