4
\section*{Monitor Configuration}
5
\label{_MonitorChapter}
6
\index[general]{Monitor Configuration }
7
\index[general]{Configuration!Monitor }
8
\addcontentsline{toc}{section}{Monitor Configuration}
11
\index[general]{General }
12
\addcontentsline{toc}{subsection}{General}
14
The Monitor configuration file is a stripped down version of the Director
15
configuration file, mixed with a Console configuration file. It simply
16
contains the information necessary to contact Directors, Clients, and Storage
17
daemons you want to monitor.
19
For a general discussion of configuration file and resources including the
20
data types recognized by {\bf Bacula}, please see the
21
\ilink{Configuration}{_ChapterStart16} chapter of this manual.
23
The following Monitor Resource definition must be defined:
27
\ilink{Monitor}{MonitorResource} -- to define the Monitor's
28
name used to connect to all the daemons and the password used to connect to
29
the Directors. Note, you must not define more than one Monitor resource in
30
the Monitor configuration file.
32
\ilink{Client}{ClientResource1},
33
\ilink{Storage}{StorageResource1} or
34
\ilink{Director}{DirectorResource2} resource, to define the
38
\subsection*{The Monitor Resource}
39
\label{MonitorResource}
40
\index[general]{Monitor Resource }
41
\index[general]{Resource!Monitor }
42
\addcontentsline{toc}{subsection}{Monitor Resource}
44
The Monitor resource defines the attributes of the Monitor running on the
45
network. The parameters you define here must be configured as a Director
46
resource in Clients and Storages configuration files, and as a Console
47
resource in Directors configuration files.
53
Start of the Monitor records.
55
\item [Name = \lt{}name\gt{}]
57
Specify the Director name used to connect to Client and Storage, and the
58
Console name used to connect to Director. This record is required.
60
\item [Password = \lt{}password\gt{}]
62
Where the password is the password needed for Directors to accept the Console
63
connection. This password must be identical to the {\bf Password} specified
64
in the {\bf Console} resource of the
65
\ilink{Director's configuration}{_ChapterStart40} file. This
66
record is required if you wish to monitor Directors.
68
\item [Refresh Interval = \lt{}time\gt{}]
69
\index[fd]{Refresh Interval }
70
Specifies the time to wait between status requests to each daemon. It can't
71
be set to less than 1 second, or more than 10 minutes, and the default value
75
\subsection*{The Director Resource}
76
\label{DirectorResource2}
77
\index[general]{Director Resource }
78
\index[general]{Resource!Director }
79
\addcontentsline{toc}{subsection}{Director Resource}
81
The Director resource defines the attributes of the Directors that are
82
monitored by this Monitor.
84
As you are not permitted to define a Password in this resource, to avoid
85
obtaining full Director privileges, you must create a Console resource in the
86
\ilink{Director's configuration}{_ChapterStart40} file, using the
87
Console Name and Password defined in the Monitor resource. To avoid security
88
problems, you should configure this Console resource to allow access to no
89
other daemons, and permit the use of only two commands: {\bf status} and {\bf
90
.status} (see below for an example).
92
You may have multiple Director resource specifications in a single Monitor
99
Start of the Director records.
101
\item [Name = \lt{}name\gt{}]
103
The Director name used to identify the Director in the list of monitored
104
daemons. It is not required to be the same as the one defined in the Director's
105
configuration file. This record is required.
107
\item [DIRPort = \lt{}port-number\gt{}]
109
Specify the port to use to connect to the Director. This value will most
110
likely already be set to the value you specified on the {\bf
111
\verb:--:with-base-port} option of the {\bf ./configure} command. This port must be
112
identical to the {\bf DIRport} specified in the {\bf Director} resource of
114
\ilink{Director's configuration}{_ChapterStart40} file. The
115
default is 9101 so this record is not normally specified.
117
\item [Address = \lt{}address\gt{}]
119
Where the address is a host name, a fully qualified domain name, or a network
120
address used to connect to the Director. This record is required.
123
\subsection*{The Client Resource}
124
\label{ClientResource1}
125
\index[general]{Resource!Client }
126
\index[general]{Client Resource }
127
\addcontentsline{toc}{subsection}{Client Resource}
129
The Client resource defines the attributes of the Clients that are monitored
132
You must create a Director resource in the
133
\ilink{Client's configuration}{_ChapterStart25} file, using the
134
Director Name defined in the Monitor resource. To avoid security problems, you
135
should set the {\bf Monitor} directive to {\bf Yes} in this Director resource.
138
You may have multiple Director resource specifications in a single Monitor
143
\item [Client (or FileDaemon)]
144
\index[fd]{Client (or FileDaemon) }
145
Start of the Client records.
147
\item [Name = \lt{}name\gt{}]
149
The Client name used to identify the Director in the list of monitored
150
daemons. It is not required to be the same as the one defined in the Client's
151
configuration file. This record is required.
153
\item [Address = \lt{}address\gt{}]
155
Where the address is a host name, a fully qualified domain name, or a network
156
address in dotted quad notation for a Bacula File daemon. This record is
159
\item [FD Port = \lt{}port-number\gt{}]
161
Where the port is a port number at which the Bacula File daemon can be
162
contacted. The default is 9102.
164
\item [Password = \lt{}password\gt{}]
165
\index[fd]{Password }
166
This is the password to be used when establishing a connection with the File
167
services, so the Client configuration file on the machine to be backed up
168
must have the same password defined for this Director. This record is
172
\subsection*{The Storage Resource}
173
\label{StorageResource1}
174
\index[general]{Resource!Storage }
175
\index[general]{Storage Resource }
176
\addcontentsline{toc}{subsection}{Storage Resource}
178
The Storage resource defines the attributes of the Storages that are monitored
181
You must create a Director resource in the
182
\ilink{Storage's configuration}{_ChapterStart31} file, using the
183
Director Name defined in the Monitor resource. To avoid security problems, you
184
should set the {\bf Monitor} directive to {\bf Yes} in this Director resource.
187
You may have multiple Director resource specifications in a single Monitor
194
Start of the Storage records.
196
\item [Name = \lt{}name\gt{}]
198
The Storage name used to identify the Director in the list of monitored
199
daemons. It is not required to be the same as the one defined in the Storage's
200
configuration file. This record is required.
202
\item [Address = \lt{}address\gt{}]
204
Where the address is a host name, a fully qualified domain name, or a network
205
address in dotted quad notation for a Bacula Storage daemon. This record is
208
\item [SD Port = \lt{}port\gt{}]
210
Where port is the port to use to contact the storage daemon for information
211
and to start jobs. This same port number must appear in the Storage resource
212
of the Storage daemon's configuration file. The default is 9103.
214
\item [Password = \lt{}password\gt{}]
215
\index[sd]{Password }
216
This is the password to be used when establishing a connection with the
217
Storage services. This same password also must appear in the Director
218
resource of the Storage daemon's configuration file. This record is required.
222
\subsection*{Tray Monitor Security}
223
\index[general]{Tray Monitor Security}
224
\addcontentsline{toc}{subsection}{Tray Monitor Security}
226
There is no security problem in relaxing the permissions on
227
tray-monitor.conf as long as FD, SD and DIR are configured properly, so
228
the passwords contained in this file only gives access to the status of
229
the daemons. It could be a security problem if you consider the status
230
information as potentially dangereous (I don't think it is the case).
232
Concerning Director's configuration: \\
233
In tray-monitor.conf, the password in the Monitor resource must point to
234
a restricted console in bacula-dir.conf (see the documentation). So, if
235
you use this password with bconsole, you'll only have access to the
236
status of the director (commands status and .status).
237
It could be a security problem if there is a bug in the ACL code of the
240
Concerning File and Storage Daemons' configuration:\\
241
In tray-monitor.conf, the Name in the Monitor resource must point to a
242
Director resource in bacula-fd/sd.conf, with the Monitor directive set
243
to Yes (once again, see the documentation).
244
It could be a security problem if there is a bug in the code which check
245
if a command is valid for a Monitor (this is very unlikely as the code
249
\subsection*{Sample Tray Monitor configuration}
250
\label{SampleConfiguration1}
251
\index[general]{Sample Tray Monitor configuration}
252
\addcontentsline{toc}{subsection}{Sample Tray Monitor configuration}
254
An example Tray Monitor configuration file might be the following:
259
# Bacula Tray Monitor Configuration File
262
Name = rufus-mon # password for Directors
263
Password = "GN0uRo7PTUmlMbqrJ2Gr1p0fk0HQJTxwnFyE4WSST3MWZseR"
264
RefreshInterval = 10 seconds
270
FDPort = 9102 # password for FileDaemon
271
Password = "FYpq4yyI1y562EMS35bA0J0QC0M2L3t5cZObxT3XQxgxppTn"
276
SDPort = 9103 # password for StorageDaemon
277
Password = "9usxgc307dMbe7jbD16v0PXlhD64UVasIDD0DH2WAujcDsc6"
287
\subsubsection*{Sample File daemon's Director record.}
288
\index[general]{Sample File daemon's Director record. }
289
\index[general]{Record!Sample File daemon's Director }
290
\addcontentsline{toc}{subsubsection}{Sample File daemon's Director record.}
293
\ilink{here to see the full example.}{SampleClientConfiguration}
299
# Restricted Director, used by tray-monitor to get the
300
# status of the file daemon
304
Password = "FYpq4yyI1y562EMS35bA0J0QC0M2L3t5cZObxT3XQxgxppTn"
310
\subsubsection*{Sample Storage daemon's Director record.}
311
\index[general]{Record!Sample Storage daemon's Director }
312
\index[general]{Sample Storage daemon's Director record. }
313
\addcontentsline{toc}{subsubsection}{Sample Storage daemon's Director record.}
316
\ilink{here to see the full example.}{SampleConfiguration}
321
# Restricted Director, used by tray-monitor to get the
322
# status of the storage daemon
326
Password = "9usxgc307dMbe7jbD16v0PXlhD64UVasIDD0DH2WAujcDsc6"
332
\subsubsection*{Sample Director's Console record.}
333
\index[general]{Record!Sample Director's Console }
334
\index[general]{Sample Director's Console record. }
335
\addcontentsline{toc}{subsubsection}{Sample Director's Console record.}
338
\ilink{here to see the full
339
example.}{SampleDirectorConfiguration}
344
# Restricted console used by tray-monitor to get the status of the director
348
Password = "GN0uRo7PTUmlMbqrJ2Gr1p0fk0HQJTxwnFyE4WSST3MWZseR"
349
CommandACL = status, .status