Shulou(Shulou.com)06/03 Report--

Back up the Windows event log using rsync

Windows version software: cwRsyncServer

The installation is relatively simple and can be done in the next step. You can set your own password when you enter it into the account creation page.

Server: cwRsyncServer_4.0.5_Installe.zip client: cwRsync_4.0.5_Installer.zip

Due to special reasons, the Application, Security, Setup and System event logs of Windows need to be collected, and the location of the event log is in C:\ Windows\ System32\ winevt\ Logs. It has been tested that rsync cannot synchronize the files in this directory, so it is hard-linked to another directory.

Body creation hard link echo offmd C:\ Eventlogmklink / HC:\ Eventlog\ System.evtx C:\ Windows\ System32\ winevt\ Logs\ System.evtx mklink / H C:\ Eventlog\ Setup.evtx C:\ Windows\ System32\ winevt\ Logs\ Setup.evtxmklink / H C:\ Eventlog\ Security.evtx C:\ Windows\ System32\ winevt\ Logs\ Security.evtxmklink / H C:\ Eventlog\ Application.evtx C:\ Windows\ System32\ winevt\ Logs\ Application.evtxrsync server

Configuration file

Use chroot = falsestrict modes = falselog file = rsyncd.logpid file = rsyncd.pid port = 8173 # default port 8173 uid = 0 # do not specify uid, without this line will not be able to use any account gid = 0 # do not specify gid max connections = 20 # the number of most Dalian connections 20 hosts allow = IP # here write IPread only = yes [module name] path = / cygdrive/e/ path / # "/ cygdrive/e/" cannot be changed The subsequent write path transfer logging = yes lock file = rsyncd.lockread only = false # turns off read-only and uses rsync client push, so you need to turn off log file = # here to record the transmission log and write the path

After configuration, start the service and open port 8173 at the firewall.

Client

Bat script echo offc:cd C:\ Program Files (x86)\ ICW\ Binrsync-avzP-- progress-- checksum-- port=8173 / cygdrive/c/ path / server IP:: module name

Client (push side) bat script

Schtasks / create / sc minute / mo 5 / tn "rsync" / st 00:00 / tr C:\ rsync\ rsyslog.bat / ru System # cmd create a scheduled task "rsync" and use the system account to execute the script rsyslog.bat every 5 minutes from 0: 00 on the same day.

You can also manually create scheduled tasks

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.