4 \section*{Monitor Configuration}
5 \label{_MonitorChapter}
6 \index[general]{Monitor Configuration }
7 \index[general]{Configuration!Monitor }
8 \addcontentsline{toc}{section}{Monitor Configuration}
11 \index[general]{General }
12 \addcontentsline{toc}{subsection}{General}
14 The Monitor configuration file is a stripped down version of the Director
15 configuration file, mixed with a Console configuration file. It simply
16 contains the information necessary to contact Directors, Clients, and Storage
17 daemons you want to monitor.
19 For a general discussion of configuration file and resources including the
20 data types recognized by {\bf Bacula}, please see the
21 \ilink{Configuration}{_ChapterStart16} chapter of this manual.
23 The following Monitor Resource definition must be defined:
27 \ilink{Monitor}{MonitorResource} -- to define the Monitor's
28 name used to connect to all the daemons and the password used to connect to
29 the Directors. Note, you must not define more than one Monitor resource in
30 the Monitor configuration file.
32 \ilink{Client}{ClientResource1},
33 \ilink{Storage}{StorageResource1} or
34 \ilink{Director}{DirectorResource2} resource, to define the
38 \subsection*{The Monitor Resource}
39 \label{MonitorResource}
40 \index[general]{Monitor Resource }
41 \index[general]{Resource!Monitor }
42 \addcontentsline{toc}{subsection}{Monitor Resource}
44 The Monitor resource defines the attributes of the Monitor running on the
45 network. The parameters you define here must be configured as a Director
46 resource in Clients and Storages configuration files, and as a Console
47 resource in Directors configuration files.
53 Start of the Monitor records.
55 \item [Name = \lt{}name\gt{}]
57 Specify the Director name used to connect to Client and Storage, and the
58 Console name used to connect to Director. This record is required.
60 \item [Password = \lt{}password\gt{}]
62 Where the password is the password needed for Directors to accept the Console
63 connection. This password must be identical to the {\bf Password} specified
64 in the {\bf Console} resource of the
65 \ilink{Director's configuration}{_ChapterStart40} file. This
66 record is required if you wish to monitor Directors.
68 \item [Refresh Interval = \lt{}time\gt{}]
69 \index[fd]{Refresh Interval }
70 Specifies the time to wait between status requests to each daemon. It can't
71 be set to less than 1 second, or more than 10 minutes, and the default value
75 \subsection*{The Director Resource}
76 \label{DirectorResource2}
77 \index[general]{Director Resource }
78 \index[general]{Resource!Director }
79 \addcontentsline{toc}{subsection}{Director Resource}
81 The Director resource defines the attributes of the Directors that are
82 monitored by this Monitor.
84 As you are not permitted to define a Password in this resource, to avoid
85 obtaining full Director privileges, you must create a Console resource in the
86 \ilink{Director's configuration}{_ChapterStart40} file, using the
87 Console Name and Password defined in the Monitor resource. To avoid security
88 problems, you should configure this Console resource to allow access to no
89 other daemons, and permit the use of only two commands: {\bf status} and {\bf
90 .status} (see below for an example).
92 You may have multiple Director resource specifications in a single Monitor
99 Start of the Director records.
101 \item [Name = \lt{}name\gt{}]
103 The Director name used to identify the Director in the list of monitored
104 daemons. It is not required to be the same as the one defined in the Director's
105 configuration file. This record is required.
107 \item [DIRPort = \lt{}port-number\gt{}]
109 Specify the port to use to connect to the Director. This value will most
110 likely already be set to the value you specified on the {\bf
111 \verb:--:with-base-port} option of the {\bf ./configure} command. This port must be
112 identical to the {\bf DIRport} specified in the {\bf Director} resource of
114 \ilink{Director's configuration}{_ChapterStart40} file. The
115 default is 9101 so this record is not normally specified.
117 \item [Address = \lt{}address\gt{}]
119 Where the address is a host name, a fully qualified domain name, or a network
120 address used to connect to the Director. This record is required.
123 \subsection*{The Client Resource}
124 \label{ClientResource1}
125 \index[general]{Resource!Client }
126 \index[general]{Client Resource }
127 \addcontentsline{toc}{subsection}{Client Resource}
129 The Client resource defines the attributes of the Clients that are monitored
132 You must create a Director resource in the
133 \ilink{Client's configuration}{_ChapterStart25} file, using the
134 Director Name defined in the Monitor resource. To avoid security problems, you
135 should set the {\bf Monitor} directive to {\bf Yes} in this Director resource.
138 You may have multiple Director resource specifications in a single Monitor
143 \item [Client (or FileDaemon)]
144 \index[fd]{Client (or FileDaemon) }
145 Start of the Client records.
147 \item [Name = \lt{}name\gt{}]
149 The Client name used to identify the Director in the list of monitored
150 daemons. It is not required to be the same as the one defined in the Client's
151 configuration file. This record is required.
153 \item [Address = \lt{}address\gt{}]
155 Where the address is a host name, a fully qualified domain name, or a network
156 address in dotted quad notation for a Bacula File daemon. This record is
159 \item [FD Port = \lt{}port-number\gt{}]
161 Where the port is a port number at which the Bacula File daemon can be
162 contacted. The default is 9102.
164 \item [Password = \lt{}password\gt{}]
165 \index[fd]{Password }
166 This is the password to be used when establishing a connection with the File
167 services, so the Client configuration file on the machine to be backed up
168 must have the same password defined for this Director. This record is
172 \subsection*{The Storage Resource}
173 \label{StorageResource1}
174 \index[general]{Resource!Storage }
175 \index[general]{Storage Resource }
176 \addcontentsline{toc}{subsection}{Storage Resource}
178 The Storage resource defines the attributes of the Storages that are monitored
181 You must create a Director resource in the
182 \ilink{Storage's configuration}{_ChapterStart31} file, using the
183 Director Name defined in the Monitor resource. To avoid security problems, you
184 should set the {\bf Monitor} directive to {\bf Yes} in this Director resource.
187 You may have multiple Director resource specifications in a single Monitor
194 Start of the Storage records.
196 \item [Name = \lt{}name\gt{}]
198 The Storage name used to identify the Director in the list of monitored
199 daemons. It is not required to be the same as the one defined in the Storage's
200 configuration file. This record is required.
202 \item [Address = \lt{}address\gt{}]
204 Where the address is a host name, a fully qualified domain name, or a network
205 address in dotted quad notation for a Bacula Storage daemon. This record is
208 \item [SD Port = \lt{}port\gt{}]
210 Where port is the port to use to contact the storage daemon for information
211 and to start jobs. This same port number must appear in the Storage resource
212 of the Storage daemon's configuration file. The default is 9103.
214 \item [Password = \lt{}password\gt{}]
215 \index[sd]{Password }
216 This is the password to be used when establishing a connection with the
217 Storage services. This same password also must appear in the Director
218 resource of the Storage daemon's configuration file. This record is required.
222 \subsection*{Tray Monitor Security}
223 \index[general]{Tray Monitor Security}
224 \addcontentsline{toc}{subsection}{Tray Monitor Security}
226 There is no security problem in relaxing the permissions on
227 tray-monitor.conf as long as FD, SD and DIR are configured properly, so
228 the passwords contained in this file only gives access to the status of
229 the daemons. It could be a security problem if you consider the status
230 information as potentially dangereous (I don't think it is the case).
232 Concerning Director's configuration: \\
233 In tray-monitor.conf, the password in the Monitor resource must point to
234 a restricted console in bacula-dir.conf (see the documentation). So, if
235 you use this password with bconsole, you'll only have access to the
236 status of the director (commands status and .status).
237 It could be a security problem if there is a bug in the ACL code of the
240 Concerning File and Storage Daemons' configuration:\\
241 In tray-monitor.conf, the Name in the Monitor resource must point to a
242 Director resource in bacula-fd/sd.conf, with the Monitor directive set
243 to Yes (once again, see the documentation).
244 It could be a security problem if there is a bug in the code which check
245 if a command is valid for a Monitor (this is very unlikely as the code
249 \subsection*{Sample Tray Monitor configuration}
250 \label{SampleConfiguration1}
251 \index[general]{Sample Tray Monitor configuration}
252 \addcontentsline{toc}{subsection}{Sample Tray Monitor configuration}
254 An example Tray Monitor configuration file might be the following:
259 # Bacula Tray Monitor Configuration File
262 Name = rufus-mon # password for Directors
263 Password = "GN0uRo7PTUmlMbqrJ2Gr1p0fk0HQJTxwnFyE4WSST3MWZseR"
264 RefreshInterval = 10 seconds
270 FDPort = 9102 # password for FileDaemon
271 Password = "FYpq4yyI1y562EMS35bA0J0QC0M2L3t5cZObxT3XQxgxppTn"
276 SDPort = 9103 # password for StorageDaemon
277 Password = "9usxgc307dMbe7jbD16v0PXlhD64UVasIDD0DH2WAujcDsc6"
287 \subsubsection*{Sample File daemon's Director record.}
288 \index[general]{Sample File daemon's Director record. }
289 \index[general]{Record!Sample File daemon's Director }
290 \addcontentsline{toc}{subsubsection}{Sample File daemon's Director record.}
293 \ilink{here to see the full example.}{SampleClientConfiguration}
299 # Restricted Director, used by tray-monitor to get the
300 # status of the file daemon
304 Password = "FYpq4yyI1y562EMS35bA0J0QC0M2L3t5cZObxT3XQxgxppTn"
310 \subsubsection*{Sample Storage daemon's Director record.}
311 \index[general]{Record!Sample Storage daemon's Director }
312 \index[general]{Sample Storage daemon's Director record. }
313 \addcontentsline{toc}{subsubsection}{Sample Storage daemon's Director record.}
316 \ilink{here to see the full example.}{SampleConfiguration}
321 # Restricted Director, used by tray-monitor to get the
322 # status of the storage daemon
326 Password = "9usxgc307dMbe7jbD16v0PXlhD64UVasIDD0DH2WAujcDsc6"
332 \subsubsection*{Sample Director's Console record.}
333 \index[general]{Record!Sample Director's Console }
334 \index[general]{Sample Director's Console record. }
335 \addcontentsline{toc}{subsubsection}{Sample Director's Console record.}
338 \ilink{here to see the full
339 example.}{SampleDirectorConfiguration}
344 # Restricted console used by tray-monitor to get the status of the director
348 Password = "GN0uRo7PTUmlMbqrJ2Gr1p0fk0HQJTxwnFyE4WSST3MWZseR"
349 CommandACL = status, .status