Mr-sark

asked on

Backup logfiles over network

I'm planning to back up my logfiles to another server. So my question is as follows:

I'm planning to write a script that copies a number of logfiles to another directory. When the files are copied the script will tar/zip the directory so there is 1 file named DIRECTORY.TAR/ZIP.
So far so good. Now I want to get this tar to be copied to another server in the network. So what is the smartest thing to do here? SMB protocol, FTP? How can I get this tar file to another PC?
rindi

The easiest way would be to use a network protocol that is mountable. SMB/CIFS are mountable, NFS too. Then you would just copy the files to that mounted folder.
Mr-sark

ASKER

After doing some googling I found that you can set up a remote syslog server.
The thing to do is edit the file /etc/syslog.conf and add the following line:

*.*                   @xxx.xxx.xxx.xxx    <---- IP of the remote syslog server that you can set up.

So far so good. So I was wondering if anyone knows where these files will be stored on the syslog server?
Usually they go to the syslog file on that server.
Mr-sark

ASKER

I was thinking the same thing! But is it possible to define a directory so the logs from different servers are separated?
Not directly, but I believe you can use the "local0.." labels to have them piped to another file.
Hi.

Do you have ssh installed on all machines? I believe you do, since that is necessary these days.

Try the following script:

--------------------------------------------------------------------
#!/bin/sh

THISMACHINE=$(hostname)
COPYTO="destination-hostname-or-ip"


mkdir -p /usr/local/backup/logs

cp -R /var/log/syslog* /usr/local/backup/logs/

#this will create /usr/local/backup/mylogs.tar.gz:
tar -zcvf /usr/local/backup/mylogs.tar.gz /usr/local/backup/logs/

#this will create the target dir in the target server, and
# copy the file
ssh root@$COPYTO "mkdir -p /usr/local/backup/$THISMACHINE"
scp /usr/local/backup/mylogs.tar.gz root@$COPYTO:/usr/local/backup/

--------------------------------------------------------------------

Please notice that, using this script, it will keep asking for your password.

You'd have to share your root's public keys between the hosts, and it will stop asking for it.

A quick way to do that is:

# ssh-keygen -t rsa
# cat ~/.ssh/id_rsa.pub  | ssh <THE OTHER HOST> 'cat >> ~/.ssh/authorized_keys'

Do this on each host.

Then you're done :-)

Sorry.

Change this line:
scp /usr/local/backup/mylogs.tar.gz root@$COPYTO:/usr/local/backup/

to:
scp /usr/local/backup/mylogs.tar.gz root@$COPYTO:/usr/local/backup/$THISMACHINE-logs.tar.bz

Mr-sark

ASKER

This looks great. Only a few questions so I'll understand it.

The 2 computers will make an ssh connection. For an ssh connection you need a username and password, right?
So the username and password are known in the file? Or do I let the computers have access between each other (ssh keys)? The only problem with this is that if a hacker is hacking the system he also will have access to the other system where the logfiles are stored.

Correct me if I'm wrong.
With SSH you can configure your system so that it authenticates itself via private/public keys, plus your login. The hacker would need those keys in order to connect. You can use OpenSSL to manage these keys.
Mr-sark

ASKER

So when I make those keys on a system, the hacker can't use them?
Mr-sark

ASKER

Btw I'm raising the points so I can give some more assistant points away.
The hacker would either need the files, or break the encryption of those keys, and that is very difficult with today's knowledge and hardware, as long as you use a strong key (with 1024 bit encryption or higher). Of course if the hacker can access a PC which contains those keys and knows your login, then you might as well not use any security at all. The advantage of SSH compared to telnet is that the authentication happens encrypted using SSH, and in Telnet it is in the clear, so a hacker listening in could pick up that data and then have no problem misusing your login.
Mr-sark

ASKER

I'm finally back from the weekend. I'm planning to try this script today! Only the following line is a little bit unclear to me:

# cat ~/.ssh/id_rsa.pub  | ssh <THE OTHER HOST> 'cat >> ~/.ssh/authorized_keys'

I'm using a Red Hat 4 machine and a Fedora 3 machine.
Mr-sark

ASKER

Ok :) I've got it working! Only 1 thing is bugging me (maybe I don't get it).

I have 2 machines

machine 1
machine 2

I performed the SSH key authentication on both machines.

Machine 1 writes its logfiles to machine 2. So I have a crontab running @ machine 1 that is backing up the log files daily @ 11 pm.
Now let's say a hacker hacked into machine 1 and looks into the crontab of machine 1. Now he will see a backup script is running to machine 2.
The only thing he has to do is type (ssh machine 2IP) to gain access.
Isn't this way too dangerous?
How would the hacker hack into machine 1? If the hacker doesn't have actual physical access to machine 1, you need to make sure that this machine itself also can only be reached from the outside via SSH. Also make sure you can't SSH to the machine as root, but only as a restricted user. Being a restricted user in his own environment would hide all system files including cron jobs etc from a hacker. If you still need more access once you have ssh'd to the box, you can use su to get more access. Even if the hacker had physical access to the PC, you can restrict access that way. Just never use root when not absolutely necessary.
Mr-sark

ASKER

OK, well I'm still testing it. It is still possible to ssh into the machine as ROOT. What file/line do I have to modify to prevent ssh login as root?
Just create a line in sshd_config:

DenyUsers root

Mr-sark

ASKER

OK, 1 last question: I've just added this line:

# cat ~/.ssh/id_rsa.pub  | ssh <THE OTHER HOST> 'cat >> ~/.ssh/authorized_keys'

So the ssh connection wouldn't keep asking for a password, but let's say I want to remove the auto authentication so every connection from that computer requires a password again... how?

Raised to 500 points! You 2 guys helped me perfectly so each will get 250 points.
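
Added example (not part of the thread and not any poster's code) for the two closing concerns above: limiting what machine 1's key is allowed to do on machine 2 if machine 1 is compromised, and removing that key from authorized_keys again. The function names, the `machine1` label and the wrapper path used with them are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Hypothetical names: the three functions,
# the host label "machine1" and the wrapper path mentioned in the usage note.

# Build an authorized_keys entry that ties a public key to one forced command,
# so the key cannot open a shell or forward ports on machine 2.
# $1 = public key line from machine 1 (id_rsa.pub), $2 = command to force
restricted_entry() {
    printf 'command="%s",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding %s\n' "$2" "$1"
}

# Body of the forced command on machine 2: save stdin as a dated archive.
# The host label comes from the authorized_keys entry, never from the client
# (whatever the client asked to run is ignored). Existing files are kept,
# so a compromised sender cannot overwrite an earlier backup.
# $1 = destination directory, $2 = host label; prints the stored path
receive_backup() {
    case $2 in ''|*[!A-Za-z0-9._-]*) return 2 ;; esac
    out="$1/$2-logs-$(date +%Y%m%d).tar.gz"
    [ ! -e "$out" ] || return 1
    umask 077
    cat > "$out.part" && mv "$out.part" "$out" && printf '%s\n' "$out"
}

# Remove every entry holding the given key from an authorized_keys file, so
# that key no longer logs in without a password. Returns 1 if nothing matched.
# $1 = authorized_keys path, $2 = public key line to revoke
revoke_key() {
    blob=$(printf '%s\n' "$2" | awk '{ print $2 }')   # base64 field of the key
    [ -n "$blob" ] || return 2
    tmp=$(mktemp "$1.XXXXXX") || return 2
    awk -v b="$blob" '
        { for (i = 1; i <= NF; i++) if ($i == b) { hit = 1; next }
          print }
        END { exit !hit }' "$1" > "$tmp" && rc=0 || rc=$?
    if [ "$rc" -eq 0 ]; then
        chmod 600 "$tmp" && mv "$tmp" "$1"
    else
        rm -f "$tmp"
    fi
    return "$rc"
}
```

On machine 2 a small wrapper script (hypothetically /usr/local/bin/receive-log-backup) would call `receive_backup /usr/local/backup "$1"`, and the entry from `restricted_entry` would name that wrapper with the host label as its argument. Machine 1 then sends the archive on standard input of a plain `ssh` call rather than with `scp`, since the forced command replaces whatever the client requests.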
ASKER CERTIFIED SOLUTION
macker-
