+++ /dev/null
-%%
-%%
-
-\chapter{Monitor Configuration}
-\label{_MonitorChapter}
-\index[general]{Monitor Configuration }
-\index[general]{Configuration!Monitor }
-
-The Monitor configuration file is a stripped down version of the Director
-configuration file, mixed with a Console configuration file. It simply
-contains the information necessary to contact Directors, Clients, and Storage
-daemons you want to monitor.
-
-For a general discussion of configuration file and resources including the
-data types recognized by {\bf Bacula}, please see the
-\ilink{Configuration}{ConfigureChapter} chapter of this manual.
-
-The following Monitor Resource definition must be defined:
-
-\begin{itemize}
-\item
- \ilink{Monitor}{MonitorResource} -- to define the Monitor's
- name used to connect to all the daemons and the password used to connect to
-the Directors. Note, you must not define more than one Monitor resource in
-the Monitor configuration file.
-\item At least one
- \ilink{Client}{ClientResource1},
- \ilink{Storage}{StorageResource1} or
-\ilink{Director}{DirectorResource2} resource, to define the
-daemons to monitor.
-\end{itemize}
-
-\section{The Monitor Resource}
-\label{MonitorResource}
-\index[general]{Monitor Resource }
-\index[general]{Resource!Monitor }
-
-The Monitor resource defines the attributes of the Monitor running on the
-network. The parameters you define here must be configured as a Director
-resource in Clients and Storages configuration files, and as a Console
-resource in Directors configuration files.
-
-\begin{description}
-
-\item [Monitor]
- \index[fd]{Monitor }
- Start of the Monitor records.
-
-\item [Name = \lt{}name\gt{}]
- \index[fd]{Name }
- Specify the Director name used to connect to Client and Storage, and the
-Console name used to connect to Director. This record is required.
-
-\item [Password = \lt{}password\gt{}]
- \index[fd]{Password }
- Where the password is the password needed for Directors to accept the Console
-connection. This password must be identical to the {\bf Password} specified
-in the {\bf Console} resource of the
-\ilink{Director's configuration}{DirectorChapter} file. This
-record is required if you wish to monitor Directors.
-
-\item [Refresh Interval = \lt{}time\gt{}]
- \index[fd]{Refresh Interval }
- Specifies the time to wait between status requests to each daemon. It can't
-be set to less than 1 second, or more than 10 minutes, and the default value
-is 5 seconds.
-% TODO: what is format of the time?
-% TODO: should the digits in this definition be spelled out? should
-% TODO: this say "time-period-specification" above??)
-\end{description}
-
-\section{The Director Resource}
-\label{DirectorResource2}
-\index[general]{Director Resource }
-\index[general]{Resource!Director }
-
-The Director resource defines the attributes of the Directors that are
-monitored by this Monitor.
-
-As you are not permitted to define a Password in this resource, to avoid
-obtaining full Director privileges, you must create a Console resource in the
-\ilink{Director's configuration}{DirectorChapter} file, using the
-Console Name and Password defined in the Monitor resource. To avoid security
-problems, you should configure this Console resource to allow access to no
-other daemons, and permit the use of only two commands: {\bf status} and {\bf
-.status} (see below for an example).
-
-You may have multiple Director resource specifications in a single Monitor
-configuration file.
-
-\begin{description}
-
-\item [Director]
- \index[fd]{Director }
- Start of the Director records.
-
-\item [Name = \lt{}name\gt{}]
- \index[fd]{Name }
- The Director name used to identify the Director in the list of monitored
-daemons. It is not required to be the same as the one defined in the Director's
-configuration file. This record is required.
-
-\item [DIRPort = \lt{}port-number\gt{}]
- \index[fd]{DIRPort }
- Specify the port to use to connect to the Director. This value will most
-likely already be set to the value you specified on the {\bf
-\verb:--:with-base-port} option of the {\bf ./configure} command. This port must be
-identical to the {\bf DIRport} specified in the {\bf Director} resource of
-the
-\ilink{Director's configuration}{DirectorChapter} file. The
-default is 9101 so this record is not normally specified.
-
-\item [Address = \lt{}address\gt{}]
- \index[fd]{Address }
- Where the address is a host name, a fully qualified domain name, or a network
-address used to connect to the Director. This record is required.
-\end{description}
-
-\section{The Client Resource}
-\label{ClientResource1}
-\index[general]{Resource!Client }
-\index[general]{Client Resource }
-
-The Client resource defines the attributes of the Clients that are monitored
-by this Monitor.
-
-You must create a Director resource in the
-\ilink{Client's configuration}{FiledConfChapter} file, using the
-Director Name defined in the Monitor resource. To avoid security problems, you
-should set the {\bf Monitor} directive to {\bf Yes} in this Director resource.
-
-
-You may have multiple Director resource specifications in a single Monitor
-configuration file.
-
-\begin{description}
-
-\item [Client (or FileDaemon)]
- \index[fd]{Client (or FileDaemon) }
- Start of the Client records.
-
-\item [Name = \lt{}name\gt{}]
- \index[fd]{Name }
- The Client name used to identify the Director in the list of monitored
-daemons. It is not required to be the same as the one defined in the Client's
-configuration file. This record is required.
-
-\item [Address = \lt{}address\gt{}]
- \index[fd]{Address }
- Where the address is a host name, a fully qualified domain name, or a network
-address in dotted quad notation for a Bacula File daemon. This record is
-required.
-
-\item [FD Port = \lt{}port-number\gt{}]
- \index[fd]{FD Port }
- Where the port is a port number at which the Bacula File daemon can be
-contacted. The default is 9102.
-
-\item [Password = \lt{}password\gt{}]
- \index[fd]{Password }
- This is the password to be used when establishing a connection with the File
-services, so the Client configuration file on the machine to be backed up
-must have the same password defined for this Director. This record is
-required.
-\end{description}
-
-\section{The Storage Resource}
-\label{StorageResource1}
-\index[general]{Resource!Storage }
-\index[general]{Storage Resource }
-
-The Storage resource defines the attributes of the Storages that are monitored
-by this Monitor.
-
-You must create a Director resource in the
-\ilink{Storage's configuration}{StoredConfChapter} file, using the
-Director Name defined in the Monitor resource. To avoid security problems, you
-should set the {\bf Monitor} directive to {\bf Yes} in this Director resource.
-
-
-You may have multiple Director resource specifications in a single Monitor
-configuration file.
-
-\begin{description}
-
-\item [Storage]
- \index[fd]{Storage }
- Start of the Storage records.
-
-\item [Name = \lt{}name\gt{}]
- \index[fd]{Name }
- The Storage name used to identify the Director in the list of monitored
-daemons. It is not required to be the same as the one defined in the Storage's
-configuration file. This record is required.
-
-\item [Address = \lt{}address\gt{}]
- \index[fd]{Address }
- Where the address is a host name, a fully qualified domain name, or a network
-address in dotted quad notation for a Bacula Storage daemon. This record is
-required.
-
-\item [SD Port = \lt{}port\gt{}]
- \index[fd]{SD Port }
- Where port is the port to use to contact the storage daemon for information
-and to start jobs. This same port number must appear in the Storage resource
-of the Storage daemon's configuration file. The default is 9103.
-
-\item [Password = \lt{}password\gt{}]
- \index[sd]{Password }
- This is the password to be used when establishing a connection with the
-Storage services. This same password also must appear in the Director
-resource of the Storage daemon's configuration file. This record is required.
-
-\end{description}
-
-\section{Tray Monitor Security}
-\index[general]{Tray Monitor Security}
-
-There is no security problem in relaxing the permissions on
-tray-monitor.conf as long as FD, SD and DIR are configured properly, so
-the passwords contained in this file only gives access to the status of
-the daemons. It could be a security problem if you consider the status
-information as potentially dangerous (I don't think it is the case).
-
-Concerning Director's configuration: \\
-In tray-monitor.conf, the password in the Monitor resource must point to
-a restricted console in bacula-dir.conf (see the documentation). So, if
-you use this password with bconsole, you'll only have access to the
-status of the director (commands status and .status).
-It could be a security problem if there is a bug in the ACL code of the
-director.
-
-Concerning File and Storage Daemons' configuration:\\
-In tray-monitor.conf, the Name in the Monitor resource must point to a
-Director resource in bacula-fd/sd.conf, with the Monitor directive set
-to Yes (once again, see the documentation).
-It could be a security problem if there is a bug in the code which check
-if a command is valid for a Monitor (this is very unlikely as the code
-is pretty simple).
-
-
-\section{Sample Tray Monitor configuration}
-\label{SampleConfiguration1}
-\index[general]{Sample Tray Monitor configuration}
-
-An example Tray Monitor configuration file might be the following:
-
-\footnotesize
-\begin{verbatim}
-#
-# Bacula Tray Monitor Configuration File
-#
-Monitor {
- Name = rufus-mon # password for Directors
- Password = "GN0uRo7PTUmlMbqrJ2Gr1p0fk0HQJTxwnFyE4WSST3MWZseR"
- RefreshInterval = 10 seconds
-}
-
-Client {
- Name = rufus-fd
- Address = rufus
- FDPort = 9102 # password for FileDaemon
- Password = "FYpq4yyI1y562EMS35bA0J0QC0M2L3t5cZObxT3XQxgxppTn"
-}
-Storage {
- Name = rufus-sd
- Address = rufus
- SDPort = 9103 # password for StorageDaemon
- Password = "9usxgc307dMbe7jbD16v0PXlhD64UVasIDD0DH2WAujcDsc6"
-}
-Director {
- Name = rufus-dir
- DIRport = 9101
- address = rufus
-}
-\end{verbatim}
-\normalsize
-
-\subsection{Sample File daemon's Director record.}
-\index[general]{Sample File daemon's Director record. }
-\index[general]{Record!Sample File daemon's Director }
-
-Click
-\ilink{here to see the full example.}{SampleClientConfiguration}
-
-
-\footnotesize
-\begin{verbatim}
-#
-# Restricted Director, used by tray-monitor to get the
-# status of the file daemon
-#
-Director {
- Name = rufus-mon
- Password = "FYpq4yyI1y562EMS35bA0J0QC0M2L3t5cZObxT3XQxgxppTn"
- Monitor = yes
-}
-\end{verbatim}
-\normalsize
-
-\subsection{Sample Storage daemon's Director record.}
-\index[general]{Record!Sample Storage daemon's Director }
-\index[general]{Sample Storage daemon's Director record. }
-
-Click
-\ilink{here to see the full example.}{SampleConfiguration}
-
-\footnotesize
-\begin{verbatim}
-#
-# Restricted Director, used by tray-monitor to get the
-# status of the storage daemon
-#
-Director {
- Name = rufus-mon
- Password = "9usxgc307dMbe7jbD16v0PXlhD64UVasIDD0DH2WAujcDsc6"
- Monitor = yes
-}
-\end{verbatim}
-\normalsize
-
-\subsection{Sample Director's Console record.}
-\index[general]{Record!Sample Director's Console }
-\index[general]{Sample Director's Console record. }
-
-Click
-\ilink{here to see the full
-example.}{SampleDirectorConfiguration}
-
-\footnotesize
-\begin{verbatim}
-#
-# Restricted console used by tray-monitor to get the status of the director
-#
-Console {
- Name = Monitor
- Password = "GN0uRo7PTUmlMbqrJ2Gr1p0fk0HQJTxwnFyE4WSST3MWZseR"
- CommandACL = status, .status
-}
-\end{verbatim}
-\normalsize