How to Copy Log Files Using rsync

Configure the rsync daemon (on the rsyslog server)


Create the file /etc/rsyncd.conf with this content:
max connections = 2
log file = /var/log/rsync.log
timeout = 300
comment = Copy rsyslog Log file for splunk
path = /var/log/rsyslog
read only = yes
list = yes
uid = nobody
gid = nobody
# auth users = root
# secrets file = /etc/rsyncd.secrets
# hosts allow =

rsyncd.secrets (optional)

To enable the secrets file, remove the leading # from the auth users and secrets file lines in rsyncd.conf.

Run the rsync daemon:

#rsync --daemon --config=/etc/rsyncd.conf

rsync client (on the Splunk server)

Run this command to copy the log files:
#rsync -avuzP rsync:// /var/log/rsyslog

Schedule rsync with cron (this entry runs at minute 5 of every hour):

5 * * * * /usr/bin/rsync -avuzP rsync:// /var/log/rsyslog

Firewall Issue

The daemon listens on TCP port 873, which must be open in the firewall:
#iptables -I INPUT -p tcp --dport 873 -j ACCEPT
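
A check for the exposure the configuration above leaves open (added example, not part of the original howto): with auth users, secrets file and hosts allow commented out and port 873 open, any host that can reach the daemon can read the logs anonymously. The module name [logs] and the address 192.0.2.10 are assumptions; the page gives neither.

```python
import re

TRUE = {"yes", "true", "1"}

def parse_rsyncd_conf(text):
    """Split rsyncd.conf text into (global parameters, {module: parameters})."""
    global_params, modules = {}, {}
    current = global_params
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):      # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:                                # start of a module section
            current = modules.setdefault(header.group(1).strip(), {})
        elif "=" in line:
            name, value = line.split("=", 1)      # only the first '=' separates
            # rsyncd matches parameter names ignoring case and spaces
            current["".join(name.split()).lower()] = value.strip()
    return global_params, modules

def audit(text):
    """Return a list of findings for modules that are reachable too widely."""
    global_params, modules = parse_rsyncd_conf(text)
    if not modules:
        return ["no [module] section: the daemon exports nothing"]
    findings = []
    for name, params in modules.items():
        eff = {**global_params, **params}         # globals are module defaults
        if not eff.get("authusers"):
            findings.append(f"[{name}] no 'auth users': anonymous access")
        elif not eff.get("secretsfile"):
            findings.append(f"[{name}] 'auth users' set without 'secrets file'")
        if not eff.get("hostsallow"):
            findings.append(f"[{name}] no 'hosts allow': any client address accepted")
        if eff.get("list", "yes").lower() in TRUE:
            findings.append(f"[{name}] 'list = yes': module is shown in listings")
    return findings

# Constructed samples: the page's options under a hypothetical [logs] module,
# then with the commented-out controls enabled (192.0.2.10 is a placeholder).
PAGE_CONF = """[logs]
path = /var/log/rsyslog
read only = yes
list = yes
# auth users = root
# secrets file = /etc/rsyncd.secrets
"""
HARDENED = PAGE_CONF.replace("# auth", "auth").replace("# secrets", "secrets") \
    .replace("list = yes", "list = no") + "hosts allow = 192.0.2.10\n"

if __name__ == "__main__":
    for label, conf in (("page", PAGE_CONF), ("hardened", HARDENED)):
        print(label, audit(conf) or "no findings")
```

The first branch of audit() also covers the file exactly as printed above: with no [module] header, path and the other options are only defaults and no module is served.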


