Hello,

First, I am pleased to see that someone besides myself is using Bacula as an IDS. I find it very useful, though there is one point you should be aware of: it appears that when the retention period expires, Bacula will prune the InitCatalog, and hence you will suddenly get a very large difference. This is annoying, but in looking quickly at the code several times, I have not found why this happens.

Please see below: ...

On Thursday 15 March 2007 06:53, Tony Lewis wrote:
> (note, I posed this on #bacula very recently, in abbreviated form.
> Sorry for dupes)
>
> I use bacula for both backups and as part of intrusion detection. The
> IDS part is so if this public webserver gets hacked, I can see all the
> files changed, and revert them.
>
> To do this properly, I need an easy way to say to bacula,
>
> show me all versions of file /blah/file
> (a ha, it's in Full job 10, and changed in Incremental job 17)
> now, get me the versions of /blah/file in jobs 10 and 17, and drop
> them somewhere so I can compare
>
>
> There doesn't seem to be a neat way for me to do this. The best I've
> come up with is to use custom SQL queries, and search for the right
> FilenameId and PathId, which resolves to a list of JobIds, FileIds and
> corresponding MD5 sums. From this, I can initiate two manual restore
> jobs and then compare files.
>
> It's a very handraulic task at the moment. Is there an easier way to do
> this?
>
> Specifically, is there a way, once I have a FileId, of scripting a
> restore of that file to a directory, rather than launching the restore
> task and navigating the quasi-filesystem and marking the file?

Yes, I believe that Bacula has exactly what you need -- hopefully anyway.

First create a new table in the database -- any name will do. It can have any number of columns, but the first two must be "JobId" and "FileId". Any other columns are ignored. Bacula will not check the titles of the columns, but they must contain JobId and FileId values.

Now, use SQL commands to fill the rows with JobId, FileId pairs that you want restored.

Then run a "restore" command and select either option 4 or 5 and enter:

?<table-name>

where you replace <table-name> with the name of the table you created. Bacula will then look for and restore each of the JobId, FileId pairs.

Note, if you want to restore multiple copies of the same file, you will need to run multiple restores since if you restore two or more different copies of the same file, they will simply overwrite each other giving you only the last copy.

If/when you get this working, we would appreciate hearing about it.

Best regards,

Kern

_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users
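
The table-driven restore described in the reply above, as an added example (not code from this thread or from Bacula). It runs against a constructed in-memory SQLite catalog; the cut-down File, Path and Filename layout, the sample rows and the `ids_restore` table prefix are assumptions made for illustration. It builds one restore table per distinct version of the file, since restoring several copies in one run would overwrite them.

```python
import sqlite3

def build_sample_catalog():
    """Constructed miniature catalog with only the columns used here."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE Path     (PathId INTEGER PRIMARY KEY, Path TEXT);
        CREATE TABLE Filename (FilenameId INTEGER PRIMARY KEY, Name TEXT);
        CREATE TABLE File     (FileId INTEGER PRIMARY KEY, JobId INTEGER,
                               PathId INTEGER, FilenameId INTEGER, MD5 TEXT);
        INSERT INTO Path VALUES (1, '/blah/'), (2, '/etc/');
        INSERT INTO Filename VALUES (1, 'file'), (2, 'passwd');
        INSERT INTO File VALUES (101, 10, 1, 1, 'md5-A'),  -- Full job 10
                                (102, 10, 2, 2, 'md5-P'),
                                (201, 17, 1, 1, 'md5-B'),  -- Incremental job 17
                                (301, 21, 1, 1, 'md5-B');  -- later Full, same content
    """)
    return db

def file_versions(db, path, name):
    """Every (JobId, FileId, MD5) recorded for one path and file name."""
    return db.execute("""
        SELECT File.JobId, File.FileId, File.MD5
          FROM File
          JOIN Path     ON Path.PathId = File.PathId
          JOIN Filename ON Filename.FilenameId = File.FilenameId
         WHERE Path.Path = ? AND Filename.Name = ?
         ORDER BY File.JobId""", (path, name)).fetchall()

def make_restore_tables(db, versions, prefix="ids_restore"):
    """One table per distinct version, JobId and FileId as the first two
    columns; separate tables mean separate restores, so nothing is overwritten."""
    tables, seen = [], set()
    for job_id, file_id, md5 in versions:
        if md5 in seen:  # identical content already queued for restore
            continue
        seen.add(md5)
        table = f"{prefix}_{int(job_id)}"  # name built only from trusted parts
        db.execute(f"CREATE TABLE {table} (JobId INTEGER, FileId INTEGER)")
        db.execute(f"INSERT INTO {table} VALUES (?, ?)", (job_id, file_id))
        tables.append(table)
    return tables

if __name__ == "__main__":
    db = build_sample_catalog()
    for table in make_restore_tables(db, file_versions(db, "/blah/", "file")):
        print(f"restore, option 4 or 5, then enter: ?{table}")
```

Each printed table name is entered in its own restore run, so the copies can be restored to separate locations and compared.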