Configure rsync daemon (at rsyslog server)
rsyncd.conf
Create the file /etc/rsyncd.conf with this content:

max connections = 2
log file = /var/log/rsync.log
timeout = 300

[rsyslog]
comment = Copy rsyslog Log file for splunk
path = /var/log/rsyslog
read only = yes
list = yes
uid = nobody
gid = nobody
# auth users = root
# secrets file = /etc/rsyncd.secrets
# hosts allow = 192.168.0.200
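rsyncd.secrets (optional)
Uncomment the auth users and secrets file lines in rsyncd.conf (remove the leading #) to activate the secrets file. Each line of the file is user:password. With rsync's default strict modes setting, the daemon refuses a secrets file that other users can read.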
root:PLa1nr0otP4s$wOrd
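As written above, the module has auth users, secrets file and the host restriction commented out, so any client that can reach the daemon can read /var/log/rsyslog. The audit below is an added example, not part of the original post: it parses an rsyncd.conf and flags those gaps. The finding names and the embedded sample config are constructed for illustration.

```python
import os, stat

# Constructed sample: the [rsyslog] module from this page, auth lines still commented out.
SAMPLE = """\
max connections = 2
[rsyslog]
path = /var/log/rsyslog
read only = yes
list = yes
# auth users = root
# secrets file = /etc/rsyncd.secrets
# hosts allow = 192.168.0.200
"""

def parse(text):
    """Return {section: {param: value}}; the '' section holds global parameters."""
    conf, section = {"": {}}, ""
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("#"):
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
            conf[section] = {}
        elif "=" in line:
            key, value = line.split("=", 1)
            # rsync ignores case and whitespace in parameter names
            conf[section]["".join(key.split()).lower()] = value.strip()
    return conf

def audit(text):
    """Return a list of (module, finding) pairs for risky module settings."""
    conf, findings = parse(text), []
    for name, params in conf.items():
        if name == "":
            continue
        mod = {**conf[""], **params}      # module values override globals
        if "authusers" not in mod:
            findings.append((name, "no-auth-users"))      # anonymous access
        elif "secretsfile" not in mod:
            findings.append((name, "no-secrets-file"))
        if "hostallow" in mod:
            findings.append((name, "host-allow-typo"))    # parameter is 'hosts allow'
        if "hostsallow" not in mod:
            findings.append((name, "no-hosts-allow"))     # any client IP accepted
        if mod.get("readonly", "yes").lower() in ("no", "false", "0"):
            findings.append((name, "writable"))
        path = mod.get("secretsfile")
        if path and os.path.exists(path) and stat.S_IMODE(os.stat(path).st_mode) & 0o077:
            findings.append((name, "secrets-perms"))      # group/other can access it
    return findings
```

Calling audit(open("/etc/rsyncd.conf").read()) on the rsyslog server before starting the daemon lists what still needs tightening; an empty list means none of these checks fired.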
run the rsync daemon
#rsync --daemon --config=/etc/rsyncd.conf
rsync client (at splunk server)
Run this command to copy the log files:
#rsync -avuzP rsync://192.168.0.3/rsyslog /var/log/rsyslog
Schedule rsync with cron:
PATH=/sbin:/bin:/usr/sbin:/usr/bin
5 * * * * /usr/bin/rsync -avuzP rsync://192.168.0.3/rsyslog /var/log/rsyslog
Firewall Issue
The daemon needs TCP port 873 open:
#iptables -I INPUT -p tcp --dport 873 -j ACCEPT