[H-GEN] Fixes for excalibur's backup

Robert Brockway robert at timetraveller.org
Mon Jul 13 20:23:50 EDT 2009


On Tue, 14 Jul 2009, Russell Stuart wrote:

> We are writing 2.4M of log files per hour.  Either it gets reduced, or
> it isn't backed up.  I am not sure how useful backing up syslog and
> friends is.  Anybody got some thoughts they would like to share?

We might conceivably want to look at it if the box got trashed as a result 
of an attack but really it is an edge case.  I'm quite happy if you want 
to exclude /var/log from the backups entirely.

> My personal view is a small log file is a good log file.  No one is
> going to look at the 50M of log files we produce per day.  That said, I

We might analyse it if there is a problem.  I'm happy for the info to 
get logged and rotated out.

> I don't particularly care one way or the other, although I am not a huge
> fan of adding complexity for no good reason.  These dictionary attacks
> on ssh aren't a security issue as we don't allow password
> authentication.

Oh of course.  I had it in my mind we were allowing password (and didn't 
check).  Fail2ban is useless for key auth as it will never trigger.

*That* explains why I didn't put it in before :)

So I think the best all round solution is to exclude /var/log from the 
backups.  We can live with that if we ever need to do a DR.

That way we can log to our heart's content and not worry about wasting 
bandwidth.

Here is a list of the directories I normally exclude from backups (whether 
or not they are present or contain data):

/cdrom
/floppy
/mnt
/proc
/sys
/tmp
/var/tmp

--one-file-system is a useful alternative of course.

Cheers,

Rob

-- 
I tried to change the world but they had a no-return policy
Projected IPv4 exhaustion: http://www.potaroo.net/tools/ipv4/index.html


