This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Abraham_Mathai1
Participant
‎2021-07-28 03:59 AM

Automate Log copy to external SFTP

Hi Team,
 
I want to create a automated script for my customer to copy all the log file from Smart Event server to an external storage due to space crunch. once after the data is copied the files to be deleted from Event server. I am not a scripter so share the most information you can.
----------------------
 
#!/bin/bash
 
#Find log files inside the /var/log directory that are at least three months old and store those files in a #text file.
find $FWDIR/log/ -name "2021*" -type f -mtime +5 2> /dev/null > log_files_to_transfer.txt
 
#Send all of the files found to the remote log server via sftp.
for file in log_files_to_transfer.txt; do
echo put $file | sftp -b- test@10.10.18.1:/
done
 
#Find log files inside the /var/log directory that are at least three months old and delete them.
find $FWDIR/log/ -name "2021*" -type f -mtime +5 2> /dev/null -exec rm -f {} \;
exit 0
--------------------------
 
This script is not working for SFTP. Could someone help me to fix this. If anyone has any other script to achieve the same job please share.
Labels
0 Kudos
2 Replies
_Val_
Admin
Admin
‎2021-07-30 05:24 AM

I do not see the password sent to sftp auth in the script. 

0 Kudos
masher
Employee
Employee
‎2021-07-30 06:30 AM

When I ran the script, it doesn't read from the log_files_to_transfer.txt. My example below uses a SSH key for authentication to the remote host. Without the ssh key, then there's no method for authentication with SFTP.

#!/bin/bash

#Find log files inside the /var/log directory that are at least three months old and store those files in a #text file.
find $FWDIR/log/ -name "2021*" -type f -mtime +5 2> /dev/null > log_files_to_transfer.txt

#Send all of the files found to the remote log server via sftp.
for file in `cat log_files_to_transfer.txt`
  do
   echo put $file | sftp -b- -i /home/admin/.ssh/SSHKEY <user>@<ip>:<directory>
done

If you're running it from a cronjob, then the script won't understand the $FWDIR environment variable and it will need to be sourced first. This can be added above your first find statement. 

source /tmp/.CPprofile.sh

I didn't test the log removal section of your script. I would consider using the built-in log storage management functionality that can be found in SmartConsole rather than scripting the removal of log files. The copy script can be referenced to run before log deletion.

- https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

 

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events