Backup, Restoration & Log Management

30 min · Lesson 16 of 16

Learning Objectives

  • Sync files efficiently with rsync
  • Create and extract tar archives
  • Automate backups with cron scheduling
  • Understand Linux log structure and rotation
  • Monitor performance with top, htop, and system logs

Backup Strategy

A solid backup plan answers:

  • What to back up (data, configs, databases)
  • Where to store backups (local, remote, cloud)
  • When to run backups (frequency)
  • How long to retain them

Key Metrics

Metric | Definition
RPO (Recovery Point Objective) | Max acceptable data loss (time between backups)
RTO (Recovery Time Objective) | Max acceptable downtime during restore

rsync — Efficient File Synchronization

rsync only transfers changed data, making it ideal for incremental backups.

Basic Usage

# Sync directory locally
rsync -av source/ destination/
 
# Key flags
# -a  Archive mode (preserves permissions, timestamps, symlinks)
# -v  Verbose output
# -z  Compress during transfer
# -h  Human-readable sizes
# --delete  Remove files in dest that don't exist in source
# --dry-run  Preview without executing

Remote Sync via SSH

# Push to remote server
rsync -avz -e ssh /var/www/ user@backup-server:/backups/www/
 
# Pull from remote server
rsync -avz -e ssh user@remote:/data/ /local/backup/
 
# With progress indicator
rsync -avz --progress /data/ user@backup:/data/

Incremental Backup Script

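#!/bin/bash
# /home/ubuntu/backup.sh

# Directories to mirror. /var/lib/mysql is copied as raw files, which can be
# inconsistent while the database is running; the Complete Backup Script in
# this lesson uses mysqldump for the database instead.
SOURCES=(/var/www /etc/nginx /var/lib/mysql)
DEST="user@backup-server:/backups/$(hostname)"
DATE=$(date +%Y%m%d)
LOG="/var/log/backup_$DATE.log"

echo "=== Backup started: $(date) ===" >> "$LOG"

# --delete mirrors deletions too: a file removed from the source is removed
# from the backup on the next run
for dir in "${SOURCES[@]}"; do
    rsync -avz --delete -e ssh "$dir" "$DEST/" >> "$LOG" 2>&1
done

echo "=== Backup completed: $(date) ===" >> "$LOG"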

tar — Archive and Compress

Creating Archives

# Create tar archive
tar -cf backup.tar /var/www/
 
# Create compressed archive (gzip)
tar -czf backup.tar.gz /var/www/
 
# Create compressed archive (bzip2 — smaller but slower)
tar -cjf backup.tar.bz2 /var/www/
 
# With verbose output
tar -czvf backup.tar.gz /var/www/

Extracting Archives

# Extract tar
tar -xf backup.tar
 
# Extract gzip
tar -xzf backup.tar.gz
 
# Extract to specific directory
tar -xzf backup.tar.gz -C /restore/
 
# List contents without extracting
tar -tzf backup.tar.gz

Selective Operations

# Archive only specific file types
tar -czf configs.tar.gz /etc/nginx/*.conf
 
# Extract single file
tar -xzf backup.tar.gz var/www/index.html
 
# Add file to existing archive
tar -rf backup.tar newfile.txt
 
# Exclude patterns
tar -czf backup.tar.gz --exclude='*.log' --exclude='node_modules' /var/www/

Automated Backup with Cron

Complete Backup Script

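#!/bin/bash
# /home/ubuntu/full_backup.sh

set -o pipefail   # a mysqldump failure is not hidden by gzip succeeding
umask 077         # archives and database dumps are readable by the owner only

BACKUP_DIR="/var/backups"
DATE=$(date +%Y%m%d_%H%M%S)
RETENTION_DAYS=7
STATUS=0

# Create backup directory
mkdir -p "$BACKUP_DIR"

# Backup web files
tar -czf "$BACKUP_DIR/www_$DATE.tar.gz" /var/www/ 2>/dev/null || STATUS=1

# Backup NGINX configs
tar -czf "$BACKUP_DIR/nginx_$DATE.tar.gz" /etc/nginx/ 2>/dev/null || STATUS=1

# Backup database
mysqldump -u root --all-databases | gzip > "$BACKUP_DIR/db_$DATE.sql.gz" || STATUS=1

# Remove old backups
find "$BACKUP_DIR" -maxdepth 1 -type f -name "*.tar.gz" -mtime +"$RETENTION_DAYS" -delete
find "$BACKUP_DIR" -maxdepth 1 -type f -name "*.sql.gz" -mtime +"$RETENTION_DAYS" -delete

# Log the real outcome, not just that the script reached the end
if [ "$STATUS" -eq 0 ]; then
    echo "$(date): Backup completed" >> /var/log/backup.log
else
    echo "$(date): Backup completed WITH ERRORS" >> /var/log/backup.log
fi
exit "$STATUS"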

Schedule with Cron

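chmod +x /home/ubuntu/full_backup.sh

# Edit root's crontab. Jobs listed here run as root, so the script must be
# writable by root only (a root-owned directory such as /usr/local/sbin is a
# safer home for it than a user's home directory).
sudo crontab -e

# In the editor, add a schedule line:

# Daily at 2 AM
0 2 * * * /home/ubuntu/full_backup.sh

# Weekly full backup on Sunday
0 3 * * 0 /home/ubuntu/full_backup.sh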
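
A scheduled backup is only useful if it restores. The script below is an added example, not part of the original lesson: it records a SHA-256 checksum when an archive is written and refuses to restore an archive that fails the checksum, cannot be read to the end, or contains member paths that would land outside the restore directory. The function names and the ".sha256" sidecar-file convention are assumptions made for this illustration.

```shell
#!/bin/bash
# Added example (not from the lesson). The function names and the ".sha256"
# sidecar-file convention are assumptions made for this illustration.

# seal_archive ARCHIVE: write ARCHIVE.sha256 next to the archive.
seal_archive() {
    local dir base
    dir=$(dirname "$1"); base=$(basename "$1")
    ( cd "$dir" && sha256sum "$base" > "$base.sha256" )
}

# verify_archive ARCHIVE: 0 = safe to restore, 1 = corrupt or modified,
# 2 = no checksum recorded, 3 = a member would escape the restore directory.
verify_archive() {
    local dir base
    dir=$(dirname "$1"); base=$(basename "$1")
    [ -f "$1.sha256" ] || return 2
    ( cd "$dir" && sha256sum -c "$base.sha256" ) >/dev/null 2>&1 || return 1
    tar -tzf "$1" >/dev/null 2>&1 || return 1
    # Reject absolute paths and ".." components in member names.
    if tar -tzf "$1" | grep -Eq '^/|(^|/)\.\.(/|$)'; then return 3; fi
    return 0
}

# restore_archive ARCHIVE TARGET: extract into TARGET only after verification.
restore_archive() {
    verify_archive "$1" || return $?
    mkdir -p "$2" && tar -xzf "$1" -C "$2"
}

# Constructed demo: archive a sample tree, restore it, then corrupt the archive.
demo() {
    local work
    work=$(mktemp -d)
    mkdir -p "$work/src/www" && echo "hello" > "$work/src/www/index.html"
    tar -czf "$work/www.tar.gz" -C "$work/src" www
    seal_archive "$work/www.tar.gz"
    restore_archive "$work/www.tar.gz" "$work/restore" || return 1
    cmp -s "$work/src/www/index.html" "$work/restore/www/index.html" || return 1
    echo "tampered" >> "$work/www.tar.gz"    # simulate corruption in storage
    if verify_archive "$work/www.tar.gz"; then return 1; fi
    rm -rf "$work"
}

demo && echo "restore verified; modified archive rejected"
```

A checksum stored beside the archive catches corruption, but anyone who can write to the backup location can rewrite both files, so keep the checksums on a separate host or sign them.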

Linux Log Management

Log Locations

File | Contents
/var/log/syslog | General system activity
/var/log/auth.log | Authentication events
/var/log/kern.log | Kernel messages
/var/log/nginx/access.log | NGINX requests
/var/log/nginx/error.log | NGINX errors
/var/log/mysql/error.log | Database errors

Reading Logs

# Real-time monitoring
sudo tail -f /var/log/syslog
 
# Last 50 lines
sudo tail -n 50 /var/log/auth.log
 
# Search for patterns
sudo grep "Failed password" /var/log/auth.log
 
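# Failed SSH attempts per source IP
# (the address is the 4th field from the end: "... from IP port N ssh2";
#  a fixed position such as $11 returns the username on "invalid user" lines)
sudo grep "Failed password" /var/log/auth.log | awk '{print $(NF-3)}' | sort | uniq -c | sort -rn

# Binary logs (login history)
last        # Login history
sudo lastb  # Failed logins (reads /var/log/btmp, root only)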
who         # Currently logged in
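
The per-source count of failed SSH logins, as an added example that is not part of the original lesson: it reads auth.log lines on standard input and reports every source address with at least a given number of failed passwords. The function names are assumptions, and the log lines are constructed samples using documentation address ranges.

```shell
#!/bin/bash
# Added example (not from the lesson). failed_ssh_by_ip and sample_auth_log
# are names chosen for this illustration.

# failed_ssh_by_ip [THRESHOLD]: read auth.log lines on stdin and print
# "COUNT IP" for each source with at least THRESHOLD failed passwords.
failed_ssh_by_ip() {
    awk -v min="${1:-1}" '
        /sshd.*Failed password for / {
            # The username is chosen by the client and can itself be "from",
            # so find the address by scanning for "from" from the right.
            for (i = NF; i > 1; i--)
                if ($(i-1) == "from") { count[$i]++; break }
        }
        END { for (ip in count) if (count[ip] >= min) print count[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample input (not real log data).
sample_auth_log() {
    cat <<'EOF'
Jan 10 03:12:01 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 50122 ssh2
Jan 10 03:12:04 web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 50130 ssh2
Jan 10 03:12:09 web1 sshd[2103]: Failed password for invalid user from from 203.0.113.7 port 50131 ssh2
Jan 10 08:30:15 web1 sshd[2290]: Failed password for deploy from 198.51.100.23 port 41000 ssh2
Jan 10 08:30:21 web1 sshd[2290]: Accepted password for deploy from 198.51.100.23 port 41002 ssh2
Jan 10 08:31:00 web1 sudo: deploy : TTY=pts/0 ; PWD=/home/deploy ; USER=root ; COMMAND=/bin/ls
EOF
}

# Sources with three or more failures in the sample
sample_auth_log | failed_ssh_by_ip 3
```

On a live system, feed it the real log: `sudo cat /var/log/auth.log | failed_ssh_by_ip 5`.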

Log Rotation

Logs grow indefinitely without rotation. logrotate manages this:

# View logrotate config
cat /etc/logrotate.conf
 
# Application-specific configs
ls /etc/logrotate.d/

Example rotation config (/etc/logrotate.d/nginx):

/var/log/nginx/*.log {
    daily
    rotate 14
    compress
    delaycompress
    missingok
    notifempty
    postrotate
        systemctl reload nginx > /dev/null 2>&1 || true
    endscript
}

Force Rotation

sudo logrotate -fv /etc/logrotate.conf

Performance Monitoring

top / htop

# Real-time process monitor
top
 
# Enhanced version
htop

System Load

# Quick load average
uptime
 
# Detailed CPU info
mpstat
 
# I/O statistics
iostat

Disk I/O

# Disk usage
df -h
 
# Directory sizes
du -sh /var/log/*
 
# I/O activity
sudo iotop

Troubleshooting Checklist

When a server has issues, check in this order:

# 1. Is the service running?
sudo systemctl status nginx
 
# 2. Check logs
sudo tail -50 /var/log/nginx/error.log
 
# 3. Check disk space
df -h
 
# 4. Check memory
free -h
 
# 5. Check CPU/processes
top
 
# 6. Check network
ss -tuln
ping 8.8.8.8
 
# 7. Check DNS
dig google.com
 
# 8. Check firewall
sudo ufw status

Summary

  • rsync syncs files efficiently (only transfers changes)
  • tar creates compressed archives for full backups
  • Automate backups with cron and retention policies
  • Logs live in /var/log/ — monitor with tail -f and grep
  • logrotate prevents logs from filling disk
  • Follow the troubleshooting checklist: service → logs → disk → memory → network

Course Complete

Congratulations! You've completed the Linux System Administration module. You now have the skills to:

  • Manage memory, storage, and LVM
  • Configure networking, firewalls, and SSH
  • Deploy NGINX as web server, reverse proxy, and load balancer
  • Administer MariaDB databases
  • Implement backup strategies and monitor system health

These skills form the foundation for everything else in DevOps — Docker, Kubernetes, CI/CD, and cloud infrastructure all build on this knowledge.