[H-GEN] Fixes for excalibur's backup
Robert Brockway
robert at timetraveller.org
Mon Jul 13 20:23:50 EDT 2009
On Tue, 14 Jul 2009, Russell Stuart wrote:
> We are writing 2.4M of log files per hour. Either it gets reduced, or
> it isn't backed up. I am not sure how useful backing up syslog and
> friends is. Anybody got some thoughts they would like to share?
We might conceivably want to look at it if the box got trashed as a result
of an attack but really it is an edge case. I'm quite happy if you want
to exclude /var/log from the backups extirely.
> My personal view is a small log file is a good log file. No one is
> going to look at the 50M of log files we produce per day. That said, I
We might analyse it if there is a problem. I'm happy for the info to
get logged and rotated out.
> I don't particularly care one way or the other, although I am not a huge
> fan of adding complexity for no good reason. These dictionary attacks
> on ssh aren't a security issue as we don't allow password
> authentication.
Oh for course. I had it in my mind we were allowing password (and didn't
check). Fail2ban is useless for key auth as it will never trigger.
*That* explains why I didn't put in before :)
So I think the best all round solution is to exclude /var/log from the
backups. We can live with that if we ever need to do a DR.
That way we can log to our hearts content and not worry about wasting
bandwidth.
Here is a list of the directories I normally exclude from backups (whether
or not they are present or contain data):
/cdrom
/floppy
/mnt
/proc
/sys
/tmp
/var/tmp
--one-file-system is a useful alternative of course.
Cheers,
Rob
--
I tried to change the world but they had a no-return policy
Projected IPv4 exhaustion: http://www.potaroo.net/tools/ipv4/index.html
More information about the General
mailing list