How to set up the Logrep client on Linux?
Requirements
- A user account (for example xferuser). The home directory of this account is
used for temporary storage of log files.
- OpenSSH server is installed.
- Perl is available.
- The public key of a key pair used for public key authentication.
Procedure
- Create the directories ~xferuser/.ssh and /etc/logrep.
- Copy the public key into the .ssh directory and rename it to authorized_keys.
- Make sure that access to .ssh and authorized_keys is limited to xferuser, with read/write rights for that user only.
- Copy logrep.client.linux to the /etc/logrep directory. Make sure that logrep.client.linux has execute permission.
- Set up system cron jobs that run logrep.client.linux.
logrep.client.linux examples (for use in crontab)
snort
/etc/logrep/logrep.client.linux -s snort -p /var/log/snort/alert -n 0 -u xferuser
copies the snort alert file /var/log/snort/alert to the ~xferuser/logrep directory and gzips it.
squid
/etc/logrep/logrep.client.linux -s squid -p /var/log/squid/access.log -n 100000 -u xferuser
copies the last 100000 lines of the squid access log /var/log/squid/access.log to the ~xferuser/logrep directory and gzips them.
postfix
/etc/logrep/logrep.client.linux -s postfix -p /var/log/maillog -n 50000 -u xferuser
copies the last 50000 lines of the postfix mail log /var/log/maillog to the ~xferuser/logrep directory and gzips them.
apache
/etc/logrep/logrep.client.linux -s apache -p /var/log/apache/access.log -n 100000 -u xferuser
copies the last 100000 lines of the apache log file /var/log/apache/access.log to the ~xferuser/logrep directory and gzips them.
Trend Micro InterScan VirusWall
/etc/logrep/logrep.client.linux -s iscan -p /var/log/iscan -n 0 -u xferuser
merges the last two files from the InterScan VirusWall log directory /var/log/iscan into the ~xferuser/logrep directory and gzips the result.
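The procedure and the crontab entries above, scripted as an added example (this is not the Logrep project's own code). It assumes the public key file and logrep.client.linux are already on the host, takes the home and /etc/logrep paths as parameters so it can be rehearsed in a scratch directory, and assumes an hourly schedule and the root user field for the /etc/cron.d entry, neither of which the page specifies.

```shell
#!/bin/sh
# Added example, not the Logrep project's own script. Performs the setup steps
# and checks the result. Assumptions: public key and client are already copied
# to the host; HOME_DIR and LOGREP_DIR are parameters (normally ~xferuser and
# /etc/logrep) so the functions can be exercised in a scratch directory.
set -e

# setup_logrep_client USER HOME_DIR LOGREP_DIR PUBKEY_FILE CLIENT_FILE
setup_logrep_client() {
    user=$1 home=$2 logrep_dir=$3 pubkey=$4 client=$5
    mkdir -p "$home/.ssh" "$logrep_dir"
    cp "$pubkey" "$home/.ssh/authorized_keys"
    # sshd rejects keys in a directory or file readable/writable by others;
    # the directory needs x as well as rw so its owner can traverse it.
    chown -R "$user" "$home/.ssh"
    chmod 700 "$home/.ssh"
    chmod 600 "$home/.ssh/authorized_keys"
    cp "$client" "$logrep_dir/logrep.client.linux"
    chmod 755 "$logrep_dir/logrep.client.linux"   # client must be executable
}

# check_logrep_perms HOME_DIR LOGREP_DIR -> 0 when the layout meets the
# requirements above (GNU stat assumed for the octal mode).
check_logrep_perms() {
    home=$1 logrep_dir=$2
    [ "$(stat -c %a "$home/.ssh")" = 700 ] || return 1
    [ "$(stat -c %a "$home/.ssh/authorized_keys")" = 600 ] || return 1
    [ -x "$logrep_dir/logrep.client.linux" ] || return 1
    return 0
}

# cron_line SOURCE LOGFILE LINES USER -> one /etc/cron.d style entry.
# Hourly schedule and the root user field are assumptions (page gives no schedule).
cron_line() {
    printf '0 * * * * root /etc/logrep/logrep.client.linux -s %s -p %s -n %s -u %s\n' \
        "$1" "$2" "$3" "$4"
}

# Real run (as root): install for xferuser, then write the cron file.
# setup_logrep_client xferuser ~xferuser /etc/logrep ./xferuser.pub ./logrep.client.linux
# { cron_line snort /var/log/snort/alert 0 xferuser
#   cron_line squid /var/log/squid/access.log 100000 xferuser; } > /etc/cron.d/logrep
```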