Page 1 of 1 1
Topic Options
#205682 - 2012-09-07 03:12 PM Backup system logs
BradV Offline
Seasoned Scripter

Registered: 2006-08-16
Posts: 686
Loc: Maryland, USA
OK, I've been avoiding this for a while, but need to get to it. \:\)

I have about 30 Windows 2008 R2 servers. I am in a security group at the domain level that is part of the local administrators group for each but I am not a domain admin. I need to come up with a mechanism to backup the security log to long term storage. The long term storage is an irix system. I have SSH Tectia Client installed on each Windows server and I have set up SSH so that I can scp to the long term storage.

I wrote a short script to just test backing up the security log. Just:

If BackupEventLog("security", $strFile)
   ? @SERROR

produces "A required privilege is not held by the client." I double checked and the security group that I am in is in the administrator's group. Any suggestions?

Quick note: I can backup the events from the computer management console.

#205693 - 2012-09-08 08:54 AM Re: Backup system logs [Re: BradV]
NTDOC Administrator Offline

Registered: 2000-07-28
Posts: 11622
Loc: CA
Couple issues.

Ongoing backup as a scheduled task probably should not use your own credentials but regardless of which credentials they probably need to be a member of the Backup Operators group on the server and run with elevated rights.

#205706 - 2012-09-10 12:27 PM Re: Backup system logs [Re: NTDOC]
BradV Offline
Seasoned Scripter

Registered: 2006-08-16
Posts: 686
Loc: Maryland, USA
Yes, that is one of the difficult tasks. I have to create a system account that can run the backupeventlog and cleareventlog functions as well as I need to create an RSA key for it. The RSA key is used to transfer the backups to the IRIX system. Still working on it. \:\)
#205725 - 2012-09-11 01:35 AM Re: Backup system logs [Re: BradV]
Glenn Barnas Administrator Offline
KiX Supporter

Registered: 2003-01-28
Posts: 4395
Loc: New Jersey

I have a logMaint utility that can run as a system service via SrvAny. I use it to dump my event logs on all servers every night, leaving 30 days of logs locally. It can call a command on completion, so a simple SCP command would give you what you need without local account issues.

Running as a system service eliminates scheduled tasks, user accounts, etc. The single service can be configured to manage dozens of logs. On my web servers, it dumps the event logs nightly, deletes old web files after 60 days, and mail transaction logs after 30 days (and does it for multiple web/mail services).

The same code can run via the system scheduler to perform a single log cleanup.

It can run a command, stop a service, move the log to an archive name or folder, delete expired archived logs, start the service, then run another command if needed. It can archive by renaming, moving to a folder, or moving to a ZIP file. Each of these options is configurable on a per log basis.

PM me if you are interested in this.

Actually I am a Rocket Scientist! \:D

Page 1 of 1 1

Moderator:  Jochen, Allen, Radimus, Glenn Barnas, ShaneEP, Ruud van Velsen, Arend_, Mart 
Hop to:
Shout Box

Who's Online
0 registered and 400 anonymous users online.
Newest Members
Raffy, proprzemo, Lolica12, perices, Relakz
17848 Registered Users

Generated in 0.07 seconds in which 0.032 seconds were spent on a total of 13 queries. Zlib compression enabled.

Search the board with:
superb Board Search
or try with google: