From owner-freebsd-questions@FreeBSD.ORG Mon Aug 24 16:25:36 2009 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 5E96F1065691 for ; Mon, 24 Aug 2009 16:25:36 +0000 (UTC) (envelope-from kraduk@googlemail.com) Received: from mail-fx0-f210.google.com (mail-fx0-f210.google.com [209.85.220.210]) by mx1.freebsd.org (Postfix) with ESMTP id D39AB8FC24 for ; Mon, 24 Aug 2009 16:25:35 +0000 (UTC) Received: by fxm6 with SMTP id 6so1452233fxm.43 for ; Mon, 24 Aug 2009 09:25:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:cc:content-type; bh=S6Ej5D7EbPKSw+igqgckWZo3AyW2Lp2XP8UXKrhLDaM=; b=OZrqyWS+PGH+rLKscfYQNjEkU7wnA9JEFz8WRu0flE1JdsupJghXV216ILfNThrkXa OmqaBcmXJk23JrSwwn0eEsVnQ31corZ6fEJayCudu3yj6yUOWSe//g+d0h5G4Vg8eV2g nM3lsvI13l94IT5/qJc2OXVyzIjgJrM3eQZYI= DomainKey-Signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=HuNPzKwpZXS5zLJzAgHnOY7aPfCLUWOH6mygHBOkSLP0Kw3unZKCDhECelyMANOy7n 34nuxD2uKY3fyI7JwgYXo7waRESOOkgqvkaNpKFDV6dSdMIkiW5imRm+T3T1WoP5vWVJ +/RslsZm+dMkNDhE8dSNO3SUDrCHeZ9I/BBZk= MIME-Version: 1.0 Received: by 10.103.126.7 with SMTP id d7mr1437232mun.115.1251131134908; Mon, 24 Aug 2009 09:25:34 -0700 (PDT) In-Reply-To: References: <26ddd1750908240857gb2973b8h7bc06e0a92b82859@mail.gmail.com> Date: Mon, 24 Aug 2009 17:25:34 +0100 Message-ID: From: chris scott To: Maxim Khitrov Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: Free BSD Questions list Subject: Re: Continuous backup of critical system files X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 24 Aug 2009 16:25:36 -0000 2009/8/24 chris scott > > > 2009/8/24 Maxim Khitrov > > Hello all, >> >> I'm setting up a firewall using FreeBSD 7.2 and thought that it may >> not be a bad idea to have a continuous backup for important files like >> pf and dnsmasq configurations. By continuous I mean some script that >> would be triggered every few minutes from cron to automatically create >> a backup of any monitored file if it was modified. I also have a full >> system backup in place that is executed daily (dump/restore to a >> compact flash card), so the continuous backup would really be for >> times when someone makes a mistake editing one of the config files and >> needs to revert it to a previous state. >> >> My initial thought was to create a mercurial repository at the file >> system root and exclude everything except for explicitly added files. >> I'd then run something like "hg commit -m `date`" from cron every 10 >> minutes to record the changes automatically. Can anyone think of a >> better way to do this (existing port specifically for this purpose)? >> Obviously, I need a way to track the history of a file and revert to a >> previous state quickly. The storage of changes should be as >> size-efficient as possible. >> >> - Max >> _______________________________________________ >> freebsd-questions@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-questions >> To unsubscribe, send any mail to " >> freebsd-questions-unsubscribe@freebsd.org" >> > > I rsync all my system files to a filer running zfs. I have a separate zfs > fs for every host and then I snapshot the fs after the rsync. We then keep > 35 snapshots for retention as we do daily rsyncs. > > > You might want more of a rolling snapshot policy. Keep on for every 10 mins > of the last hour, then drop it to hourly for the next 6 hours, then daily, > then weekly etc > > Works quite well. We have also found it handy for forensics as well, when > we have had a fault > i forgot to say it need not be a zfs backend just a fs that you can reliably do snapshots