<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<!--Converted with LaTeX2HTML 2008 (1.71)
original version by: Nikos Drakos, CBLU, University of Leeds
* revised and updated by: Marcus Hennecke, Ross Moore, Herb Swan
* with significant contributions from:
Jens Lippmann, Marek Rouchal, Martin Wilck and others -->
<HTML>
<HEAD>
<TITLE>Monitor Configuration</TITLE>
<META NAME="description" CONTENT="Monitor Configuration">
<META NAME="keywords" CONTENT="main">
<META NAME="resource-type" CONTENT="document">
<META NAME="distribution" CONTENT="global">
<META NAME="Generator" CONTENT="LaTeX2HTML v2008">
<META HTTP-EQUIV="Content-Style-Type" CONTENT="text/css">
<LINK REL="STYLESHEET" HREF="main.css">
<LINK REL="next" HREF="Restore_Command.html">
<LINK REL="previous" HREF="Console_Configuration.html">
<LINK REL="up" HREF="Bacula_Main_Reference.html">
<LINK REL="next" HREF="Restore_Command.html">
</HEAD>
<BODY >
<!--Navigation Panel-->
<A NAME="tex2html1572"
HREF="Restore_Command.html">
<IMG WIDTH="37" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="next" SRC="next.png"></A>
<A NAME="tex2html1566"
HREF="Bacula_Main_Reference.html">
<IMG WIDTH="26" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="up" SRC="up.png"></A>
<A NAME="tex2html1560"
HREF="Console_Configuration.html">
<IMG WIDTH="63" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="previous" SRC="prev.png"></A>
<A NAME="tex2html1568"
HREF="Contents.html">
<IMG WIDTH="65" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="contents" SRC="contents.png"></A>
<A NAME="tex2html1570"
HREF="Thanks.html">
<IMG WIDTH="43" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="index" SRC="index.png"></A>
<BR>
<B> Next:</B> <A NAME="tex2html1573"
HREF="Restore_Command.html">The Restore Command</A>
<B> Up:</B> <A NAME="tex2html1567"
HREF="Bacula_Main_Reference.html">Bacula Main Reference</A>
<B> Previous:</B> <A NAME="tex2html1561"
HREF="Console_Configuration.html">Console Configuration</A>
<B> <A NAME="tex2html1569"
HREF="Contents.html">Contents</A></B>
<B> <A NAME="tex2html1571"
HREF="Thanks.html">Index</A></B>
<BR>
<BR>
<!--End of Navigation Panel-->
<!--Table of Child-Links-->
<A NAME="CHILD_LINKS"><STRONG>Subsections</STRONG></A>
<UL>
<LI><A NAME="tex2html1574"
HREF="Monitor_Configuration.html#SECTION002410000000000000000">The Monitor Resource</A>
<LI><A NAME="tex2html1575"
HREF="Monitor_Configuration.html#SECTION002420000000000000000">The Director Resource</A>
<LI><A NAME="tex2html1576"
HREF="Monitor_Configuration.html#SECTION002430000000000000000">The Client Resource</A>
<LI><A NAME="tex2html1577"
HREF="Monitor_Configuration.html#SECTION002440000000000000000">The Storage Resource</A>
<LI><A NAME="tex2html1578"
HREF="Monitor_Configuration.html#SECTION002450000000000000000">Tray Monitor Security</A>
<LI><A NAME="tex2html1579"
HREF="Monitor_Configuration.html#SECTION002460000000000000000">Sample Tray Monitor configuration</A>
<UL>
<LI><A NAME="tex2html1580"
HREF="Monitor_Configuration.html#SECTION002461000000000000000">Sample File daemon's Director record.</A>
<LI><A NAME="tex2html1581"
HREF="Monitor_Configuration.html#SECTION002462000000000000000">Sample Storage daemon's Director record.</A>
<LI><A NAME="tex2html1582"
HREF="Monitor_Configuration.html#SECTION002463000000000000000">Sample Director's Console record.</A>
</UL></UL>
<!--End of Table of Child-Links-->
<HR>
<H1><A NAME="SECTION002400000000000000000"></A>
<A NAME="_MonitorChapter"></A>
<BR>
Monitor Configuration
</H1>
<A NAME="13700"></A>
<A NAME="13701"></A>
<P>
The Monitor configuration file is a stripped down version of the Director
configuration file, mixed with a Console configuration file. It simply
contains the information necessary to contact Directors, Clients, and Storage
daemons you want to monitor.
<P>
For a general discussion of configuration file and resources including the
data types recognized by <B>Bacula</B>, please see the
ConfigurationConfigureChapter chapter of this manual.
<P>
The following Monitor Resource definition must be defined:
<P>
<UL>
<LI>MonitorMonitorResource - to define the Monitor's
name used to connect to all the daemons and the password used to connect to
the Directors. Note, you must not define more than one Monitor resource in
the Monitor configuration file.
</LI>
<LI>At least one
ClientClientResource1,
StorageStorageResource1 or
DirectorDirectorResource2 resource, to define the
daemons to monitor.
</LI>
</UL>
<P>
<H1><A NAME="SECTION002410000000000000000"></A>
<A NAME="MonitorResource"></A>
<BR>
The Monitor Resource
</H1>
<A NAME="13717"></A>
<A NAME="13718"></A>
<P>
The Monitor resource defines the attributes of the Monitor running on the
network. The parameters you define here must be configured as a Director
resource in Clients and Storages configuration files, and as a Console
resource in Directors configuration files.
<P>
<DL>
<DT><STRONG>Monitor</STRONG></DT>
<DD><A NAME="13720"></A>
Start of the Monitor records.
<P>
</DD>
<DT><STRONG>Name = name</STRONG></DT>
<DD><A NAME="13723"></A>
Specify the Director name used to connect to Client and Storage, and the
Console name used to connect to Director. This record is required.
<P>
</DD>
<DT><STRONG>Password = password</STRONG></DT>
<DD><A NAME="13726"></A>
Where the password is the password needed for Directors to accept the Console
connection. This password must be identical to the <B>Password</B> specified
in the <B>Console</B> resource of the
Director's configurationDirectorChapter file. This
record is required if you wish to monitor Directors.
<P>
</DD>
<DT><STRONG>Refresh Interval = time</STRONG></DT>
<DD><A NAME="13733"></A>
Specifies the time to wait between status requests to each daemon. It can't
be set to less than 1 second, or more than 10 minutes, and the default value
is 5 seconds.
</DD>
</DL>
<P>
<H1><A NAME="SECTION002420000000000000000"></A>
<A NAME="DirectorResource2"></A>
<BR>
The Director Resource
</H1>
<A NAME="13737"></A>
<A NAME="13738"></A>
<P>
The Director resource defines the attributes of the Directors that are
monitored by this Monitor.
<P>
As you are not permitted to define a Password in this resource, to avoid
obtaining full Director privileges, you must create a Console resource in the
Director's configurationDirectorChapter file, using the
Console Name and Password defined in the Monitor resource. To avoid security
problems, you should configure this Console resource to allow access to no
other daemons, and permit the use of only two commands: <B>status</B> and <B>.status</B> (see below for an example).
<P>
You may have multiple Director resource specifications in a single Monitor
configuration file.
<P>
<DL>
<DT><STRONG>Director</STRONG></DT>
<DD><A NAME="13744"></A>
Start of the Director records.
<P>
</DD>
<DT><STRONG>Name = name</STRONG></DT>
<DD><A NAME="13747"></A>
The Director name used to identify the Director in the list of monitored
daemons. It is not required to be the same as the one defined in the Director's
configuration file. This record is required.
<P>
</DD>
<DT><STRONG>DIRPort = port-number</STRONG></DT>
<DD><A NAME="13750"></A>
Specify the port to use to connect to the Director. This value will most
likely already be set to the value you specified on the <B><code>--</code>with-base-port</B> option of the <B>./configure</B> command. This port must be
identical to the <B>DIRport</B> specified in the <B>Director</B> resource of
the
Director's configurationDirectorChapter file. The
default is 9101 so this record is not normally specified.
<P>
</DD>
<DT><STRONG>Address = address</STRONG></DT>
<DD><A NAME="13759"></A>
Where the address is a host name, a fully qualified domain name, or a network
address used to connect to the Director. This record is required.
</DD>
</DL>
<P>
<H1><A NAME="SECTION002430000000000000000"></A>
<A NAME="ClientResource1"></A>
<BR>
The Client Resource
</H1>
<A NAME="13763"></A>
<A NAME="13764"></A>
<P>
The Client resource defines the attributes of the Clients that are monitored
by this Monitor.
<P>
You must create a Director resource in the
Client's configurationFiledConfChapter file, using the
Director Name defined in the Monitor resource. To avoid security problems, you
should set the <B>Monitor</B> directive to <B>Yes</B> in this Director resource.
<P>
You may have multiple Director resource specifications in a single Monitor
configuration file.
<P>
<DL>
<DT><STRONG>Client (or FileDaemon)</STRONG></DT>
<DD><A NAME="13770"></A>
Start of the Client records.
<P>
</DD>
<DT><STRONG>Name = name</STRONG></DT>
<DD><A NAME="13773"></A>
The Client name used to identify the Director in the list of monitored
daemons. It is not required to be the same as the one defined in the Client's
configuration file. This record is required.
<P>
</DD>
<DT><STRONG>Address = address</STRONG></DT>
<DD><A NAME="13776"></A>
Where the address is a host name, a fully qualified domain name, or a network
address in dotted quad notation for a Bacula File daemon. This record is
required.
<P>
</DD>
<DT><STRONG>FD Port = port-number</STRONG></DT>
<DD><A NAME="13779"></A>
Where the port is a port number at which the Bacula File daemon can be
contacted. The default is 9102.
<P>
</DD>
<DT><STRONG>Password = password</STRONG></DT>
<DD><A NAME="13782"></A>
This is the password to be used when establishing a connection with the File
services, so the Client configuration file on the machine to be backed up
must have the same password defined for this Director. This record is
required.
</DD>
</DL>
<P>
<H1><A NAME="SECTION002440000000000000000"></A>
<A NAME="StorageResource1"></A>
<BR>
The Storage Resource
</H1>
<A NAME="13786"></A>
<A NAME="13787"></A>
<P>
The Storage resource defines the attributes of the Storages that are monitored
by this Monitor.
<P>
You must create a Director resource in the
Storage's configurationStoredConfChapter file, using the
Director Name defined in the Monitor resource. To avoid security problems, you
should set the <B>Monitor</B> directive to <B>Yes</B> in this Director resource.
<P>
You may have multiple Director resource specifications in a single Monitor
configuration file.
<P>
<DL>
<DT><STRONG>Storage</STRONG></DT>
<DD><A NAME="13793"></A>
Start of the Storage records.
<P>
</DD>
<DT><STRONG>Name = name</STRONG></DT>
<DD><A NAME="13796"></A>
The Storage name used to identify the Director in the list of monitored
daemons. It is not required to be the same as the one defined in the Storage's
configuration file. This record is required.
<P>
</DD>
<DT><STRONG>Address = address</STRONG></DT>
<DD><A NAME="13799"></A>
Where the address is a host name, a fully qualified domain name, or a network
address in dotted quad notation for a Bacula Storage daemon. This record is
required.
<P>
</DD>
<DT><STRONG>SD Port = port</STRONG></DT>
<DD><A NAME="13802"></A>
Where port is the port to use to contact the storage daemon for information
and to start jobs. This same port number must appear in the Storage resource
of the Storage daemon's configuration file. The default is 9103.
<P>
</DD>
<DT><STRONG>Password = password</STRONG></DT>
<DD><A NAME="13805"></A>
This is the password to be used when establishing a connection with the
Storage services. This same password also must appear in the Director
resource of the Storage daemon's configuration file. This record is required.
<P>
</DD>
</DL>
<P>
<H1><A NAME="SECTION002450000000000000000">
Tray Monitor Security</A>
</H1>
<A NAME="13808"></A>
<P>
There is no security problem in relaxing the permissions on
tray-monitor.conf as long as FD, SD and DIR are configured properly, so
the passwords contained in this file only gives access to the status of
the daemons. It could be a security problem if you consider the status
information as potentially dangerous (I don't think it is the case).
<P>
Concerning Director's configuration:
<BR>
In tray-monitor.conf, the password in the Monitor resource must point to
a restricted console in bacula-dir.conf (see the documentation). So, if
you use this password with bconsole, you'll only have access to the
status of the director (commands status and .status).
It could be a security problem if there is a bug in the ACL code of the
director.
<P>
Concerning File and Storage Daemons' configuration:
<BR>
In tray-monitor.conf, the Name in the Monitor resource must point to a
Director resource in bacula-fd/sd.conf, with the Monitor directive set
to Yes (once again, see the documentation).
It could be a security problem if there is a bug in the code which check
if a command is valid for a Monitor (this is very unlikely as the code
is pretty simple).
<P>
<H1><A NAME="SECTION002460000000000000000"></A>
<A NAME="SampleConfiguration1"></A>
<BR>
Sample Tray Monitor configuration
</H1>
<A NAME="13811"></A>
<P>
An example Tray Monitor configuration file might be the following:
<P>
<PRE>
#
# Bacula Tray Monitor Configuration File
#
Monitor {
Name = rufus-mon # password for Directors
Password = "GN0uRo7PTUmlMbqrJ2Gr1p0fk0HQJTxwnFyE4WSST3MWZseR"
RefreshInterval = 10 seconds
}
Client {
Name = rufus-fd
Address = rufus
FDPort = 9102 # password for FileDaemon
Password = "FYpq4yyI1y562EMS35bA0J0QC0M2L3t5cZObxT3XQxgxppTn"
}
Storage {
Name = rufus-sd
Address = rufus
SDPort = 9103 # password for StorageDaemon
Password = "9usxgc307dMbe7jbD16v0PXlhD64UVasIDD0DH2WAujcDsc6"
}
Director {
Name = rufus-dir
DIRport = 9101
address = rufus
}
</PRE>
<P>
<H2><A NAME="SECTION002461000000000000000">
Sample File daemon's Director record.</A>
</H2>
<A NAME="13815"></A>
<A NAME="13816"></A>
<P>
Click
here to see the full example.SampleClientConfiguration
<P>
<PRE>
#
# Restricted Director, used by tray-monitor to get the
# status of the file daemon
#
Director {
Name = rufus-mon
Password = "FYpq4yyI1y562EMS35bA0J0QC0M2L3t5cZObxT3XQxgxppTn"
Monitor = yes
}
</PRE>
<P>
<H2><A NAME="SECTION002462000000000000000">
Sample Storage daemon's Director record.</A>
</H2>
<A NAME="13822"></A>
<A NAME="13823"></A>
<P>
Click
here to see the full example.SampleConfiguration
<P>
<PRE>
#
# Restricted Director, used by tray-monitor to get the
# status of the storage daemon
#
Director {
Name = rufus-mon
Password = "9usxgc307dMbe7jbD16v0PXlhD64UVasIDD0DH2WAujcDsc6"
Monitor = yes
}
</PRE>
<P>
<H2><A NAME="SECTION002463000000000000000">
Sample Director's Console record.</A>
</H2>
<A NAME="13829"></A>
<A NAME="13830"></A>
<P>
Click
here to see the full
example.SampleDirectorConfiguration
<P>
<PRE>
#
# Restricted console used by tray-monitor to get the status of the director
#
Console {
Name = Monitor
Password = "GN0uRo7PTUmlMbqrJ2Gr1p0fk0HQJTxwnFyE4WSST3MWZseR"
CommandACL = status, .status
}
</PRE>
<P>
<HR>
<!--Navigation Panel-->
<A NAME="tex2html1572"
HREF="Restore_Command.html">
<IMG WIDTH="37" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="next" SRC="next.png"></A>
<A NAME="tex2html1566"
HREF="Bacula_Main_Reference.html">
<IMG WIDTH="26" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="up" SRC="up.png"></A>
<A NAME="tex2html1560"
HREF="Console_Configuration.html">
<IMG WIDTH="63" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="previous" SRC="prev.png"></A>
<A NAME="tex2html1568"
HREF="Contents.html">
<IMG WIDTH="65" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="contents" SRC="contents.png"></A>
<A NAME="tex2html1570"
HREF="Thanks.html">
<IMG WIDTH="43" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="index" SRC="index.png"></A>
<BR>
<B> Next:</B> <A NAME="tex2html1573"
HREF="Restore_Command.html">The Restore Command</A>
<B> Up:</B> <A NAME="tex2html1567"
HREF="Bacula_Main_Reference.html">Bacula Main Reference</A>
<B> Previous:</B> <A NAME="tex2html1561"
HREF="Console_Configuration.html">Console Configuration</A>
<B> <A NAME="tex2html1569"
HREF="Contents.html">Contents</A></B>
<B> <A NAME="tex2html1571"
HREF="Thanks.html">Index</A></B>
<!--End of Navigation Panel-->
<ADDRESS>
2012-01-24
</ADDRESS>
</BODY>
</HTML>
