4 \chapter{Monitor Configuration}
5 \label{_MonitorChapter}
6 \index[general]{Monitor Configuration }
7 \index[general]{Configuration!Monitor }
9 The Monitor configuration file is a stripped down version of the Director
10 configuration file, mixed with a Console configuration file. It simply
11 contains the information necessary to contact Directors, Clients, and Storage
12 daemons you want to monitor.
14 For a general discussion of configuration file and resources including the
15 data types recognized by {\bf Bacula}, please see the
16 \ilink{Configuration}{ConfigureChapter} chapter of this manual.
18 The following Monitor Resource definition must be defined:
22 \ilink{Monitor}{MonitorResource} -- to define the Monitor's
23 name used to connect to all the daemons and the password used to connect to
24 the Directors. Note, you must not define more than one Monitor resource in
25 the Monitor configuration file.
27 \ilink{Client}{ClientResource1},
28 \ilink{Storage}{StorageResource1} or
29 \ilink{Director}{DirectorResource2} resource, to define the
33 \section{The Monitor Resource}
34 \label{MonitorResource}
35 \index[general]{Monitor Resource }
36 \index[general]{Resource!Monitor }
38 The Monitor resource defines the attributes of the Monitor running on the
39 network. The parameters you define here must be configured as a Director
40 resource in Clients and Storages configuration files, and as a Console
41 resource in Directors configuration files.
47 Start of the Monitor records.
49 \item [Name = \lt{}name\gt{}]
51 Specify the Director name used to connect to Client and Storage, and the
52 Console name used to connect to Director. This record is required.
54 \item [Password = \lt{}password\gt{}]
56 Where the password is the password needed for Directors to accept the Console
57 connection. This password must be identical to the {\bf Password} specified
58 in the {\bf Console} resource of the
59 \ilink{Director's configuration}{DirectorChapter} file. This
60 record is required if you wish to monitor Directors.
62 \item [Refresh Interval = \lt{}time\gt{}]
63 \index[fd]{Refresh Interval }
64 Specifies the time to wait between status requests to each daemon. It can't
65 be set to less than 1 second, or more than 10 minutes, and the default value
67 % TODO: what is format of the time?
68 % TODO: should the digits in this definition be spelled out? should
69 % TODO: this say "time-period-specification" above??)
72 \section{The Director Resource}
73 \label{DirectorResource2}
74 \index[general]{Director Resource }
75 \index[general]{Resource!Director }
77 The Director resource defines the attributes of the Directors that are
78 monitored by this Monitor.
80 As you are not permitted to define a Password in this resource, to avoid
81 obtaining full Director privileges, you must create a Console resource in the
82 \ilink{Director's configuration}{DirectorChapter} file, using the
83 Console Name and Password defined in the Monitor resource. To avoid security
84 problems, you should configure this Console resource to allow access to no
85 other daemons, and permit the use of only two commands: {\bf status} and {\bf
86 .status} (see below for an example).
88 You may have multiple Director resource specifications in a single Monitor
95 Start of the Director records.
97 \item [Name = \lt{}name\gt{}]
99 The Director name used to identify the Director in the list of monitored
100 daemons. It is not required to be the same as the one defined in the Director's
101 configuration file. This record is required.
103 \item [DIRPort = \lt{}port-number\gt{}]
105 Specify the port to use to connect to the Director. This value will most
106 likely already be set to the value you specified on the {\bf
107 \verb:--:with-base-port} option of the {\bf ./configure} command. This port must be
108 identical to the {\bf DIRport} specified in the {\bf Director} resource of
110 \ilink{Director's configuration}{DirectorChapter} file. The
111 default is 9101 so this record is not normally specified.
113 \item [Address = \lt{}address\gt{}]
115 Where the address is a host name, a fully qualified domain name, or a network
116 address used to connect to the Director. This record is required.
119 \section{The Client Resource}
120 \label{ClientResource1}
121 \index[general]{Resource!Client }
122 \index[general]{Client Resource }
124 The Client resource defines the attributes of the Clients that are monitored
127 You must create a Director resource in the
128 \ilink{Client's configuration}{FiledConfChapter} file, using the
129 Director Name defined in the Monitor resource. To avoid security problems, you
130 should set the {\bf Monitor} directive to {\bf Yes} in this Director resource.
133 You may have multiple Director resource specifications in a single Monitor
138 \item [Client (or FileDaemon)]
139 \index[fd]{Client (or FileDaemon) }
140 Start of the Client records.
142 \item [Name = \lt{}name\gt{}]
144 The Client name used to identify the Director in the list of monitored
145 daemons. It is not required to be the same as the one defined in the Client's
146 configuration file. This record is required.
148 \item [Address = \lt{}address\gt{}]
150 Where the address is a host name, a fully qualified domain name, or a network
151 address in dotted quad notation for a Bacula File daemon. This record is
154 \item [FD Port = \lt{}port-number\gt{}]
156 Where the port is a port number at which the Bacula File daemon can be
157 contacted. The default is 9102.
159 \item [Password = \lt{}password\gt{}]
160 \index[fd]{Password }
161 This is the password to be used when establishing a connection with the File
162 services, so the Client configuration file on the machine to be backed up
163 must have the same password defined for this Director. This record is
167 \section{The Storage Resource}
168 \label{StorageResource1}
169 \index[general]{Resource!Storage }
170 \index[general]{Storage Resource }
172 The Storage resource defines the attributes of the Storages that are monitored
175 You must create a Director resource in the
176 \ilink{Storage's configuration}{StoredConfChapter} file, using the
177 Director Name defined in the Monitor resource. To avoid security problems, you
178 should set the {\bf Monitor} directive to {\bf Yes} in this Director resource.
181 You may have multiple Director resource specifications in a single Monitor
188 Start of the Storage records.
190 \item [Name = \lt{}name\gt{}]
192 The Storage name used to identify the Director in the list of monitored
193 daemons. It is not required to be the same as the one defined in the Storage's
194 configuration file. This record is required.
196 \item [Address = \lt{}address\gt{}]
198 Where the address is a host name, a fully qualified domain name, or a network
199 address in dotted quad notation for a Bacula Storage daemon. This record is
202 \item [SD Port = \lt{}port\gt{}]
204 Where port is the port to use to contact the storage daemon for information
205 and to start jobs. This same port number must appear in the Storage resource
206 of the Storage daemon's configuration file. The default is 9103.
208 \item [Password = \lt{}password\gt{}]
209 \index[sd]{Password }
210 This is the password to be used when establishing a connection with the
211 Storage services. This same password also must appear in the Director
212 resource of the Storage daemon's configuration file. This record is required.
216 \section{Tray Monitor Security}
217 \index[general]{Tray Monitor Security}
219 There is no security problem in relaxing the permissions on
220 tray-monitor.conf as long as FD, SD and DIR are configured properly, so
221 the passwords contained in this file only gives access to the status of
222 the daemons. It could be a security problem if you consider the status
223 information as potentially dangerous (I don't think it is the case).
225 Concerning Director's configuration: \\
226 In tray-monitor.conf, the password in the Monitor resource must point to
227 a restricted console in bacula-dir.conf (see the documentation). So, if
228 you use this password with bconsole, you'll only have access to the
229 status of the director (commands status and .status).
230 It could be a security problem if there is a bug in the ACL code of the
233 Concerning File and Storage Daemons' configuration:\\
234 In tray-monitor.conf, the Name in the Monitor resource must point to a
235 Director resource in bacula-fd/sd.conf, with the Monitor directive set
236 to Yes (once again, see the documentation).
237 It could be a security problem if there is a bug in the code which check
238 if a command is valid for a Monitor (this is very unlikely as the code
242 \section{Sample Tray Monitor configuration}
243 \label{SampleConfiguration1}
244 \index[general]{Sample Tray Monitor configuration}
246 An example Tray Monitor configuration file might be the following:
251 # Bacula Tray Monitor Configuration File
254 Name = rufus-mon # password for Directors
255 Password = "GN0uRo7PTUmlMbqrJ2Gr1p0fk0HQJTxwnFyE4WSST3MWZseR"
256 RefreshInterval = 10 seconds
262 FDPort = 9102 # password for FileDaemon
263 Password = "FYpq4yyI1y562EMS35bA0J0QC0M2L3t5cZObxT3XQxgxppTn"
268 SDPort = 9103 # password for StorageDaemon
269 Password = "9usxgc307dMbe7jbD16v0PXlhD64UVasIDD0DH2WAujcDsc6"
279 \subsection{Sample File daemon's Director record.}
280 \index[general]{Sample File daemon's Director record. }
281 \index[general]{Record!Sample File daemon's Director }
284 \ilink{here to see the full example.}{SampleClientConfiguration}
290 # Restricted Director, used by tray-monitor to get the
291 # status of the file daemon
295 Password = "FYpq4yyI1y562EMS35bA0J0QC0M2L3t5cZObxT3XQxgxppTn"
301 \subsection{Sample Storage daemon's Director record.}
302 \index[general]{Record!Sample Storage daemon's Director }
303 \index[general]{Sample Storage daemon's Director record. }
306 \ilink{here to see the full example.}{SampleConfiguration}
311 # Restricted Director, used by tray-monitor to get the
312 # status of the storage daemon
316 Password = "9usxgc307dMbe7jbD16v0PXlhD64UVasIDD0DH2WAujcDsc6"
322 \subsection{Sample Director's Console record.}
323 \index[general]{Record!Sample Director's Console }
324 \index[general]{Sample Director's Console record. }
327 \ilink{here to see the full
328 example.}{SampleDirectorConfiguration}
333 # Restricted console used by tray-monitor to get the status of the director
337 Password = "GN0uRo7PTUmlMbqrJ2Gr1p0fk0HQJTxwnFyE4WSST3MWZseR"
338 CommandACL = status, .status