How to transfer a log file to another Linux server for processing

  1. My preferred method as suggested by ryekayo is to just send the syslog messages to local file AND to remote host:

/etc/rsyslog.conf:

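    # keep a local copy
    authpriv.* /var/log/secure
    # forward the same messages to the remote host over UDP (single @; @@ would be TCP)
    authpriv.* @remote_host.com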

(This part of the facility I think works with pretty much all syslog daemons. The part about sorting things out at the other end is specific to rsyslog.)

Then at the remote end you need to set up the receiving server to filter the remote messages into the appropriate place (by sending host with %HOSTNAME% as part of the file name, by facility %syslogfacility-text%, by program name %programname%, etc.).

  2. As you say, you can use scp with cron
  3. Alternatively, I think if you use rsync
    rsync ~/my_log_file.txt user@remote_host.com:/remote/log/directory
    with cron you can save recopying the first part of the log file (I express uncertainty since you definitely save COPYING the already transferred portion, but you still do a comparison on each side to locate the already transferred portion to skip. This should be gentler on SSDs and avoids dirtying kernel IO buffers, but it is still incurring IO ops to scan the beginning at both ends.).
  4. NFS (or Ceph/GlusterFS/SMBFS) mount one machine's directory onto the other, and do a continuous tail onto the other machine.

Those are the options I can think of.

Depending on your goal for transferring the logs, you can be more efficient by including the transfer in the post-rotate of logrotate if the goal is to store them long term on a bigger disk. If the goal is to have access to the logs from the last 5 minutes (e.g. for OSSEC), then the above transfer methods are better.

The other thing to note is that if you feel the machine generating logs is unreliable, or insecure, it might be better to have the log-storing host copy from the log generating machine than give it permission to write to the remote machine.
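
A receiver-side configuration for the sorting described in option 1, as an added example that is not part of the original answer. It assumes rsyslog v7 or later (RainerScript syntax) and UDP port 514 to match the single-@ forwarding rule above; the file name, the /var/log/remote directory and the PerHost template name are hypothetical.

```conf
# /etc/rsyslog.d/10-remote.conf on the receiving host (file name is an assumption)

# Listen for the UDP messages sent by "authpriv.* @remote_host.com".
module(load="imudp")
input(type="imudp" port="514" ruleset="remote")

# Build the output path per message.
# %fromhost-ip% is the address the packet arrived from; %HOSTNAME% and
# %programname% are taken from the message itself, so the sender chooses them.
# secpath-replace turns "/" into "_" so a crafted value cannot add
# extra directory levels to the path.
template(name="PerHost" type="string"
         string="/var/log/remote/%fromhost-ip%/%HOSTNAME:::secpath-replace%/%syslogfacility-text%-%programname:::secpath-replace%.log")

# Remote messages are handled only by this ruleset, so they never mix
# with the receiver's own local logs.
ruleset(name="remote") {
    action(type="omfile" dynaFile="PerHost"
           dirCreateMode="0750" fileCreateMode="0640")
}
```

Check the file with `rsyslogd -N1` before restarting the daemon. Plain UDP syslog is unauthenticated and unencrypted, so restrict port 514 to the expected senders.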

Author: Carmel

Updated on September 18, 2022

Comments

  • Carmel over 1 year

    Is there a reliable way to transfer logs from one server to another?

    Currently I'm using a cron script to transfer the file with scp to another server every 5 minutes.

    */5 * * * * root scp ~/my_log_file.txt user@remote_host.com:/remote/log/directory