Скорее затем архивируя его и ftping, используйте rsync по сети. Если Вы будете делать новый каталог для каждой даты и будете использовать - опция ссылки-dest связать его назад с предыдущим каталогом, то это будет только хранить измененные файлы, и файлы, которые не изменяются, будут жесткой ссылкой на предыдущую.
Я отправил некоторый код в том, Какое решение для резервного копирования Вы используете для серверов Linux
From the iptables
manpage:
LOG
Turn on kernel logging of matching packets. When this option is set
for a rule, the Linux kernel will print some information on all match-
ing packets (like most IP header fields) via the kernel log (where it
can be read with dmesg or syslogd(8)). This is a "non-terminating tar-
get", i.e. rule traversal continues at the next rule. So if you want
to LOG the packets you refuse, use two separate rules with the same
matching criteria, first using target LOG then DROP (or REJECT).
"non-terminating" is the key terminology here. You can place LOG
targets wherever you like, with the understanding that any target that "terminates" before the LOG
entry will not be logged.
You need to structure your firewall rules intelligently. PSAD works by monitoring the log of connections to your system and then based on various heuristics makes a decision as to whether someone is scanning your system.
The LOG target is non terminating so once a packet has been logged it is passed back to the originating chain for further processing
Roughly you need to: