pbsync

  • Version 4.0 and earlier: pbsync not available.
  • Version 5.0 and later: pbsync available.

The pbsync command starts the log synchronization process. The command takes as an input one or more log servers, port numbers, and log file names, and uses that information to synchronize the network logs. This component is referred to as the client.

On the first execution of this feature, the complete event logs are transferred from the failover log servers to the primary log server; event log files are merged there into one log file to make auditing easier.

pbsync can request the following:

  • That event logs from different log servers be merged
  • That partial I/O logs from different log servers be merged into one I/O log
  • That merged logs be sent to the client

 

For encrypted I/O logs to be successfully merged, all log servers must use the same encryption algorithm and key. For more information, see iologencryption.

In Endpoint Privilege Management for Unix and Linux version 6.0 and later, the log synchronization server (pbsyncd) uses the eventlog setting in its own pb.settings file to determine the location of the event log file when it receives a pbsync -l request. This change can cause errors when merging pre-version 6.0 event logs if the eventlog setting on the log synchronization server does not match the eventlog setting on the requesting client host. To ensure that pre-version 6.0 event logs are found by the log synchronization server, use pbsync with the -L option.

Syntax

pbsync [options]
pbsync -v|--version
pbsync --help

Arguments

-l, --event Uses the log synchronization server’s pb.settings file to automatically obtain the event log server, port, and event log file to use. Specify the event log file name in the eventlog keyword, specify the event log server in the logservers keyword, and use the syncport keyword to specify the port.
-L, --eventlog server_info[:path/file_name[:port]]

Manually adds a server to gather the event logs from. path and file_name are the optional path and file name of the event log file to retrieve. The server_info may be a hostname or an IP address. An IPv6 address must be enclosed in square brackets. If port is not specified, the default port from the settings file (syncport setting) is used.

You must repeat the -L switch for each server from which you want to retrieve event log files.

-i, --iosearch basepath

Queries the I/O log servers that are listed in the logservers setting in the server’s pb.settings file to obtain any partial I/O log files that have basepath in their file names. basepath is the path and file name of the original I/O log file. All matching partial I/O log files are merged to create a single output I/O log file.

Version 5.2 and earlier: option not available.

Version 6.0 and later: option available.

-I, --iolog server_info:path/file_name[:port]

Manually adds a server to gather an I/O log file from. path and file_name are the required path and file name of the I/O log file to retrieve. The server_info may be a hostname or an IP address. When specifying an IPv6 address, it must be enclosed in square brackets. If port is not specified, then the default port from the settings file (syncport setting) is used.

If this option is used to merge the I/O logs (without -r), only the I/O logs of the same session (partial I/O logs) are merged together in the generated output file. Any I/O log that does not belong to the same session as the first I/O log gathered is ignored. You must repeat the -I switch for each server from which you want to retrieve I/O log files.

Version 5.2 and earlier: option not available.

Version 6.0 and later: option available.

-o, --outputfile file_name User-defined path for the local output file. Cannot be used with -O or -P. Path must be to a secure directory (that is, readable and writable by root only).
-O, --outputdir directory_name Uses an alternate path to write the collected files. Cannot be used with -o or -P. Path must be to a secure directory (that is, readable and writable by root only).
-d, --daemon Starts the synchronization process in daemon mode. In daemon mode, pbsync attempts to resynchronize the specified logs at a frequency that is specified by the logresynctimermin setting in the client’s pb.settings file.
-r, --retrieve Only retrieves log files; does not merge them. Cannot be used with -P.
-v, --version Displays the version.
--help Displays the help message and exits.

Command Line Responses

Command Line Response Description
Synchronization daemon unable to start The synchronization daemon was unable to start.
Synchronization daemon: Unknown request (0xcode) The request from pbsync was unknown or not supported.
Unable to connect to log server <name> The system is unable to establish communications with the server, and is therefore unable to retrieve the log records.
Unable to retrieve file <path> on server <name> The remote server reports that it is unable to read or transmit the file; check the file permissions or path.

Unique ID mismatch on <server name>:<path>: <uniqueID> (local ID: <uniqueID>) The unique ID in the remote log files does not match the local server.
Timed out while retrieving <server name>:<path>:<port> The operation timed out while retrieving a remote log file, causing the merge to fail.
Insufficient storage space to complete synchronization There is insufficient storage to either retrieve or merge the file; user must free up some space.
Success The synchronization operation was successful.

Files

None

Examples

Executing the following causes pbsync to look for the file pattern /var/adm/pb.user1, collect the logs, and synchronize them:

pbsync -i /var/adm/pb.user1

Executing the following synchronizes the log files on machines dart and aji:

pbsync -L dart:/var/log/pb.eventlog:6298 -L aji:/var/adm/pb.eventlog:6298

For more information, see pbsyncd.
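
A preflight check for the pbsync arguments described above, as an added example that is not part of the vendor documentation: it validates a -L or -I server specification against the server_info[:path/file_name[:port]] form, including the bracketed-IPv6 rule, and checks that an -o/-O target directory is accessible to its owner only. The function names, the need_path flag, the absolute-path requirement, the accepted hostname characters, and the 2001:db8::10 sample address are assumptions made here.

```shell
# Added example (not vendor code): preflight checks for pbsync arguments.

# valid_port PORT: true if PORT is an integer in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# valid_server_spec SPEC [need_path]: true if SPEC has the form
# server_info[:path/file_name[:port]]; pass need_path for -I (path required).
valid_server_spec() {
    spec=$1
    case "$spec" in
        \[*\]*) host=${spec%%\]*}; host=${host#\[}; rest=${spec#*\]}
                case "$host" in ''|*[!0-9A-Fa-f:.]*) return 1 ;; esac
                case "$host" in *:*) ;; *) return 1 ;; esac ;;
        *)      host=${spec%%:*}; rest=${spec#"$host"}
                # Assumed hostname/IPv4 character set.
                case "$host" in ''|*[!A-Za-z0-9.-]*) return 1 ;; esac ;;
    esac
    if [ -z "$rest" ]; then [ "$2" != need_path ]; return; fi   # server only
    case "$rest" in :/*) rest=${rest#:} ;; *) return 1 ;; esac  # assumed absolute path
    file=${rest%%:*}; port=${rest#"$file"}
    [ -z "$port" ] && return 0                  # server:path
    valid_port "${port#:}"                      # server:path:port
}

# secure_dir DIR [UID]: true if DIR is a directory (not a symlink) owned by
# UID (default 0, root) with no group/other permission bits set.
secure_dir() {
    [ -d "$1" ] && [ ! -L "$1" ] || return 1
    info=$(ls -ldn -- "$1") || return 1
    mode=${info%% *}
    uid=$(printf '%s\n' "$info" | awk '{print $3}')
    [ "$uid" = "${2:-0}" ] || return 1
    case "$mode" in d???------*) return 0 ;; *) return 1 ;; esac
}

# Constructed sample specs: the page's own example plus IPv6 and bad-port cases.
for s in dart:/var/log/pb.eventlog:6298 '[2001:db8::10]:/var/adm/pb.eventlog' \
         2001:db8::10:/var/adm/pb.eventlog aji:/var/adm/pb.eventlog:70000; do
    if valid_server_spec "$s"; then echo "ok:       $s"; else echo "rejected: $s"; fi
done
```

The unbracketed IPv6 specification is rejected because the first colon would otherwise be read as the start of the path field.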