How to set up the Logrep client on Linux?

Requirements

  1. A user account (xferuser, for example). The home directory of this account will be used for temporary storage of logfiles.
  2. OpenSSH server is installed.
  3. Perl is available.
  4. The public key part of a key pair for public key authentication.

Procedure

  1. Make the directories ~xferuser/.ssh and /etc/logrep.
  2. Copy the public key into the .ssh directory and rename it authorized_keys.
  3. Make sure that access to .ssh and authorized_keys is limited to ~xferuser with rw rights.
  4. Copy logrep.client.linux to the /etc/logrep directory. Make sure that logrep.client.linux has execute permission.
  5. Set up system cron jobs that run logrep.client.linux.
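The following shell script carries out steps 1 to 5 and then verifies the result. It is an added example, not part of the Logrep distribution. It assumes the transfer account already exists, that the public key and the client script are available as files, and that all paths are passed as parameters (including an optional staging prefix in front of /etc), so it can be rehearsed as an unprivileged user before being run as root on the real host. The cron schedule written in step 5 (every five minutes, snort job from the examples below) is an assumption; adjust it to your own collection interval.

```shell
#!/bin/sh
# Added example (not Logrep's own code). Performs the five setup steps for
# the Logrep client. All paths are parameters; PREFIX is prepended to /etc so
# the script can be rehearsed in a scratch directory.
set -eu

# setup_logrep_client USER HOME PUBKEY CLIENT_SCRIPT [PREFIX]
setup_logrep_client() {
  user=$1; home=$2; pubkey=$3; client=$4; prefix=${5:-}
  sshdir="$home/.ssh"
  logrepdir="$prefix/etc/logrep"
  crondir="$prefix/etc/cron.d"

  # Step 1: create ~xferuser/.ssh and /etc/logrep
  mkdir -p "$sshdir" "$logrepdir" "$crondir"

  # Step 2: install the public key as authorized_keys
  cp "$pubkey" "$sshdir/authorized_keys"

  # Step 3: restrict access to the transfer user (rw for the owner only).
  # sshd with the default StrictModes rejects the key if these are looser.
  chmod 700 "$sshdir"
  chmod 600 "$sshdir/authorized_keys"
  # chown only when running as root and the account exists (skipped in a rehearsal)
  if [ "$(id -u)" -eq 0 ] && id "$user" >/dev/null 2>&1; then
    chown -R "$user" "$sshdir"
  fi

  # Step 4: install the client and make sure it is executable
  cp "$client" "$logrepdir/logrep.client.linux"
  chmod 755 "$logrepdir/logrep.client.linux"

  # Step 5: system cron job (assumed schedule: every 5 minutes, run as root
  # because it reads /var/log and writes into the transfer user's home)
  cat > "$crondir/logrep" <<EOF
*/5 * * * * root /etc/logrep/logrep.client.linux -s snort -p /var/log/snort/alert -n 0 -u $user
EOF
}

# mode_of PATH: first 10 characters of the ls -ld mode string (POSIX portable)
mode_of() {
  ls -ld "$1" | cut -c1-10
}

# check_logrep_client HOME [PREFIX]: verify permissions and installed files;
# prints each problem and returns non-zero if anything is wrong
check_logrep_client() {
  home=$1; prefix=${2:-}
  rc=0
  [ "$(mode_of "$home/.ssh")" = "drwx------" ] || { echo ".ssh must be mode 0700"; rc=1; }
  [ "$(mode_of "$home/.ssh/authorized_keys")" = "-rw-------" ] || { echo "authorized_keys must be mode 0600"; rc=1; }
  [ -x "$prefix/etc/logrep/logrep.client.linux" ] || { echo "logrep.client.linux is not executable"; rc=1; }
  [ -f "$prefix/etc/cron.d/logrep" ] || { echo "cron job file missing"; rc=1; }
  return $rc
}
```

Run it once against a scratch prefix as an ordinary user to confirm the layout, then as root with an empty prefix for the real installation: `setup_logrep_client xferuser /home/xferuser /root/xferuser.pub ./logrep.client.linux && check_logrep_client /home/xferuser`.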

logrep.client.linux examples (for use in crontab)

snort

/etc/logrep/logrep.client.linux -s snort -p /var/log/snort/alert -n 0 -u xferuser

copies the snort alert file /var/log/snort/alert to xferuser's home directory.

squid

/etc/logrep/logrep.client.linux -s squid -p /var/log/squid/access.log -n 100000 -u xferuser

copies the last 100000 lines of the squid access log /var/log/squid/access.log to xferuser's home directory.

postfix

/etc/logrep/logrep.client.linux -s postfix -p /var/log/maillog -n 50000 -u xferuser

copies the last 50000 lines of the postfix mail logfile /var/log/maillog to xferuser's home directory.

apache

/etc/logrep/logrep.client.linux -s apache -p /var/log/apache/access.log -n 100000 -u xferuser

copies the last 100000 lines of the apache log file /var/log/apache/access.log to xferuser's home directory.

Trend Micro InterScan VirusWall

/etc/logrep/logrep.client.linux -s iscan -p /var/log/iscan -n 0 -u xferuser

merges the last two files from the InterScan VirusWall log directory /var/log/iscan into xferuser's home directory.