--- /dev/null
+%%
+%%
+
+\chapter{Monitor Configuration}
+\label{_MonitorChapter}
+\index[general]{Monitor Configuration }
+\index[general]{Configuration!Monitor }
+
+The Monitor configuration file is a stripped down version of the Director
+configuration file, mixed with a Console configuration file. It simply
+contains the information necessary to contact Directors, Clients, and Storage
+daemons you want to monitor.
+
+For a general discussion of configuration file and resources including the
+data types recognized by {\bf Bacula}, please see the
+\ilink{Configuration}{ConfigureChapter} chapter of this manual.
+
+The following Monitor Resource definition must be defined:
+
+\begin{itemize}
+\item
+ \ilink{Monitor}{MonitorResource} -- to define the Monitor's
+ name used to connect to all the daemons and the password used to connect to
+the Directors. Note, you must not define more than one Monitor resource in
+the Monitor configuration file.
+\item At least one
+ \ilink{Client}{ClientResource1},
+ \ilink{Storage}{StorageResource1} or
+\ilink{Director}{DirectorResource2} resource, to define the
+daemons to monitor.
+\end{itemize}
+
+\section{The Monitor Resource}
+\label{MonitorResource}
+\index[general]{Monitor Resource }
+\index[general]{Resource!Monitor }
+
+The Monitor resource defines the attributes of the Monitor running on the
+network. The parameters you define here must be configured as a Director
+resource in Clients and Storages configuration files, and as a Console
+resource in Directors configuration files.
+
+\begin{description}
+
+\item [Monitor]
+ \index[fd]{Monitor }
+ Start of the Monitor records.
+
+\item [Name = \lt{}name\gt{}]
+ \index[fd]{Name }
+ Specify the Director name used to connect to Client and Storage, and the
+Console name used to connect to Director. This record is required.
+
+\item [Password = \lt{}password\gt{}]
+ \index[fd]{Password }
+ Where the password is the password needed for Directors to accept the Console
+connection. This password must be identical to the {\bf Password} specified
+in the {\bf Console} resource of the
+\ilink{Director's configuration}{DirectorChapter} file. This
+record is required if you wish to monitor Directors.
+
+\item [Refresh Interval = \lt{}time\gt{}]
+ \index[fd]{Refresh Interval }
+ Specifies the time to wait between status requests to each daemon. It can't
+be set to less than 1 second, or more than 10 minutes, and the default value
+is 5 seconds.
+% TODO: what is format of the time?
+% TODO: should the digits in this definition be spelled out? should
+% TODO: this say "time-period-specification" above??)
+\end{description}
+
+\section{The Director Resource}
+\label{DirectorResource2}
+\index[general]{Director Resource }
+\index[general]{Resource!Director }
+
+The Director resource defines the attributes of the Directors that are
+monitored by this Monitor.
+
+As you are not permitted to define a Password in this resource, to avoid
+obtaining full Director privileges, you must create a Console resource in the
+\ilink{Director's configuration}{DirectorChapter} file, using the
+Console Name and Password defined in the Monitor resource. To avoid security
+problems, you should configure this Console resource to allow access to no
+other daemons, and permit the use of only two commands: {\bf status} and {\bf
+.status} (see below for an example).
+
+You may have multiple Director resource specifications in a single Monitor
+configuration file.
+
+\begin{description}
+
+\item [Director]
+ \index[fd]{Director }
+ Start of the Director records.
+
+\item [Name = \lt{}name\gt{}]
+ \index[fd]{Name }
+ The Director name used to identify the Director in the list of monitored
+daemons. It is not required to be the same as the one defined in the Director's
+configuration file. This record is required.
+
+\item [DIRPort = \lt{}port-number\gt{}]
+ \index[fd]{DIRPort }
+ Specify the port to use to connect to the Director. This value will most
+likely already be set to the value you specified on the {\bf
+\verb:--:with-base-port} option of the {\bf ./configure} command. This port must be
+identical to the {\bf DIRport} specified in the {\bf Director} resource of
+the
+\ilink{Director's configuration}{DirectorChapter} file. The
+default is 9101 so this record is not normally specified.
+
+\item [Address = \lt{}address\gt{}]
+ \index[fd]{Address }
+ Where the address is a host name, a fully qualified domain name, or a network
+address used to connect to the Director. This record is required.
+\end{description}
+
+\section{The Client Resource}
+\label{ClientResource1}
+\index[general]{Resource!Client }
+\index[general]{Client Resource }
+
+The Client resource defines the attributes of the Clients that are monitored
+by this Monitor.
+
+You must create a Director resource in the
+\ilink{Client's configuration}{FiledConfChapter} file, using the
+Director Name defined in the Monitor resource. To avoid security problems, you
+should set the {\bf Monitor} directive to {\bf Yes} in this Director resource.
+
+
+You may have multiple Director resource specifications in a single Monitor
+configuration file.
+
+\begin{description}
+
+\item [Client (or FileDaemon)]
+ \index[fd]{Client (or FileDaemon) }
+ Start of the Client records.
+
+\item [Name = \lt{}name\gt{}]
+ \index[fd]{Name }
+ The Client name used to identify the Director in the list of monitored
+daemons. It is not required to be the same as the one defined in the Client's
+configuration file. This record is required.
+
+\item [Address = \lt{}address\gt{}]
+ \index[fd]{Address }
+ Where the address is a host name, a fully qualified domain name, or a network
+address in dotted quad notation for a Bacula File daemon. This record is
+required.
+
+\item [FD Port = \lt{}port-number\gt{}]
+ \index[fd]{FD Port }
+ Where the port is a port number at which the Bacula File daemon can be
+contacted. The default is 9102.
+
+\item [Password = \lt{}password\gt{}]
+ \index[fd]{Password }
+ This is the password to be used when establishing a connection with the File
+services, so the Client configuration file on the machine to be backed up
+must have the same password defined for this Director. This record is
+required.
+\end{description}
+
+\section{The Storage Resource}
+\label{StorageResource1}
+\index[general]{Resource!Storage }
+\index[general]{Storage Resource }
+
+The Storage resource defines the attributes of the Storages that are monitored
+by this Monitor.
+
+You must create a Director resource in the
+\ilink{Storage's configuration}{StoredConfChapter} file, using the
+Director Name defined in the Monitor resource. To avoid security problems, you
+should set the {\bf Monitor} directive to {\bf Yes} in this Director resource.
+
+
+You may have multiple Director resource specifications in a single Monitor
+configuration file.
+
+\begin{description}
+
+\item [Storage]
+ \index[fd]{Storage }
+ Start of the Storage records.
+
+\item [Name = \lt{}name\gt{}]
+ \index[fd]{Name }
+ The Storage name used to identify the Director in the list of monitored
+daemons. It is not required to be the same as the one defined in the Storage's
+configuration file. This record is required.
+
+\item [Address = \lt{}address\gt{}]
+ \index[fd]{Address }
+ Where the address is a host name, a fully qualified domain name, or a network
+address in dotted quad notation for a Bacula Storage daemon. This record is
+required.
+
+\item [SD Port = \lt{}port\gt{}]
+ \index[fd]{SD Port }
+ Where port is the port to use to contact the storage daemon for information
+and to start jobs. This same port number must appear in the Storage resource
+of the Storage daemon's configuration file. The default is 9103.
+
+\item [Password = \lt{}password\gt{}]
+ \index[sd]{Password }
+ This is the password to be used when establishing a connection with the
+Storage services. This same password also must appear in the Director
+resource of the Storage daemon's configuration file. This record is required.
+
+\end{description}
+
+\section{Tray Monitor Security}
+\index[general]{Tray Monitor Security}
+
+There is no security problem in relaxing the permissions on
+tray-monitor.conf as long as FD, SD and DIR are configured properly, so
+the passwords contained in this file only gives access to the status of
+the daemons. It could be a security problem if you consider the status
+information as potentially dangerous (I don't think it is the case).
+
+Concerning Director's configuration: \\
+In tray-monitor.conf, the password in the Monitor resource must point to
+a restricted console in bacula-dir.conf (see the documentation). So, if
+you use this password with bconsole, you'll only have access to the
+status of the director (commands status and .status).
+It could be a security problem if there is a bug in the ACL code of the
+director.
+
+Concerning File and Storage Daemons' configuration:\\
+In tray-monitor.conf, the Name in the Monitor resource must point to a
+Director resource in bacula-fd/sd.conf, with the Monitor directive set
+to Yes (once again, see the documentation).
+It could be a security problem if there is a bug in the code which check
+if a command is valid for a Monitor (this is very unlikely as the code
+is pretty simple).
+
+
+\section{Sample Tray Monitor configuration}
+\label{SampleConfiguration1}
+\index[general]{Sample Tray Monitor configuration}
+
+An example Tray Monitor configuration file might be the following:
+
+\footnotesize
+\begin{verbatim}
+#
+# Bacula Tray Monitor Configuration File
+#
+Monitor {
+ Name = rufus-mon # password for Directors
+ Password = "GN0uRo7PTUmlMbqrJ2Gr1p0fk0HQJTxwnFyE4WSST3MWZseR"
+ RefreshInterval = 10 seconds
+}
+
+Client {
+ Name = rufus-fd
+ Address = rufus
+ FDPort = 9102 # password for FileDaemon
+ Password = "FYpq4yyI1y562EMS35bA0J0QC0M2L3t5cZObxT3XQxgxppTn"
+}
+Storage {
+ Name = rufus-sd
+ Address = rufus
+ SDPort = 9103 # password for StorageDaemon
+ Password = "9usxgc307dMbe7jbD16v0PXlhD64UVasIDD0DH2WAujcDsc6"
+}
+Director {
+ Name = rufus-dir
+ DIRport = 9101
+ address = rufus
+}
+\end{verbatim}
+\normalsize
+
+\subsection{Sample File daemon's Director record.}
+\index[general]{Sample File daemon's Director record. }
+\index[general]{Record!Sample File daemon's Director }
+
+Click
+\ilink{here to see the full example.}{SampleClientConfiguration}
+
+
+\footnotesize
+\begin{verbatim}
+#
+# Restricted Director, used by tray-monitor to get the
+# status of the file daemon
+#
+Director {
+ Name = rufus-mon
+ Password = "FYpq4yyI1y562EMS35bA0J0QC0M2L3t5cZObxT3XQxgxppTn"
+ Monitor = yes
+}
+\end{verbatim}
+\normalsize
+
+\subsection{Sample Storage daemon's Director record.}
+\index[general]{Record!Sample Storage daemon's Director }
+\index[general]{Sample Storage daemon's Director record. }
+
+Click
+\ilink{here to see the full example.}{SampleConfiguration}
+
+\footnotesize
+\begin{verbatim}
+#
+# Restricted Director, used by tray-monitor to get the
+# status of the storage daemon
+#
+Director {
+ Name = rufus-mon
+ Password = "9usxgc307dMbe7jbD16v0PXlhD64UVasIDD0DH2WAujcDsc6"
+ Monitor = yes
+}
+\end{verbatim}
+\normalsize
+
+\subsection{Sample Director's Console record.}
+\index[general]{Record!Sample Director's Console }
+\index[general]{Sample Director's Console record. }
+
+Click
+\ilink{here to see the full
+example.}{SampleDirectorConfiguration}
+
+\footnotesize
+\begin{verbatim}
+#
+# Restricted console used by tray-monitor to get the status of the director
+#
+Console {
+ Name = Monitor
+ Password = "GN0uRo7PTUmlMbqrJ2Gr1p0fk0HQJTxwnFyE4WSST3MWZseR"
+ CommandACL = status, .status
+}
+\end{verbatim}
+\normalsize