Bacula-users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Bacula-users] Bacula daemon message- where did it come from?

2015-08-24 09:53:56
Subject: Re: [Bacula-users] Bacula daemon message- where did it come from?
From: "Clark, Patti" <clarkpa AT ornl DOT gov>
To: Michael Schwager <mschwager AT mochotrading DOT com>, Heitor Faria <heitor AT bacula.com DOT br>
Date: Mon, 24 Aug 2015 13:48:57 +0000
Apologies for the late response to this thread.  Michael is correct in that these daemon messages are Bacula created and not delivered when created.  Not only the example that he provided, but when an attempt to connect to the director from an unknown and invalid client will generate these messages.  They only appear in the bacula log and the mail log when the director is shutdown, not when the incident occurs.  I consider this a bug in Bacula.  Not only a bug, but a security bug because the delay in reporting prevents responsive action if required.  I have checked my messages and traced them to our security team probing our systems for security holes.  I just don't see this from Bacula until the next director shutdown.  Where Bacula keeps the messages until then, I do not know.

Patti Clark
Linux System Administrator
R&D Systems Support Oak Ridge National Laboratory

From: Michael Schwager <mschwager AT mochotrading DOT com>
Date: Thursday, August 13, 2015 at 1:09 PM
To: Heitor Faria <heitor AT bacula.com DOT br>
Cc: bacula-users <bacula-users AT lists.sourceforge DOT net>
Subject: Re: [Bacula-users] Bacula daemon message- where did it come from?

On Wed, Aug 12, 2015 at 8:15 AM, Heitor Faria <heitor AT bacula.com DOT br> wrote:
I agree with Ana with the fact it is probably not a bug. Even in the hypothesis Bacula is sending delayed messages this is the reason there is a time stamp on each log message. Yes: the connection error happened. Yes: daemon messages can be annoying and sometime lead incautious users to confusion if they only receive the message after the error is solved. But you can always opt out this messages or don't send them to the boss. =) 

​For the record and benefit of any future Google searches (and I believe this problem is solved in any case), it may be instructive for the user to have Bacula call a script (as I have done) rather than bsmtp directly. Over the course of my Bacula installation I needed to verify the correct operation of all the component pieces of messaging delivery so I created a frontend to bsmtp. Bacula calls that, rather than bsmtp itself, so I can see what it is trying to do before it even gets to the mail system.

What I know is this:
  1. Bacula sent a message at 11:00 UTC. This is not a hypothesis, it's a fact; in fact, this line in the script:

    echo ARGUMENTS: 1:"'$1'" 2:"'$2'" 3:"'$3'" 4:"'$4'" 5:"'$5'" 6:"'$6'" 7:"'$7'" 8: "'$8'" | logger -p mail.info

    produced this line in the mail.log:

    Aug  9 11:00:01 ch0-backup-01 logger: ARGUMENTS: 1:'-h' 2:'mailhub' 3:'-f' 4:'(Bacula) <backup AT example DOT com>' 5:'-s' 6:'Bacula daemon message' 7:'it AT example DOT com' 8: ''

  2. Its subject line as you can see was "Bacula daemon message" which matches the following entry in my bacula-dir.conf:
    ​Messages {
      Name = Daemon
      mailcommand = "/usr/local/bin/my_smtp -h mailhub -f \"\(Bacula\) \<backup AT example DOT com\>\" -s \"Bacula daemon message\" %r"
      mail = "it AT mochotrading DOT com" = all, !skipped
      append = "/var/log/bacula/daemon.log" = all, !skipped
    }
  3. It contained information that was over a week old.
  4. I didn't know why.
  5. Curiously, precisely the same time (at 11:00 UTC) I stop the Bacula daemons. Some time later I restart them.
  6. I don't want it to happen again.

Opting out of alerts is very dangerous. They are always telling you something. They may be telling you that there is a problem in your system, or they may be a false alarm. Either way, they are telling you something should be fixed. Otherwise soon you are ignoring daemon messages as a nuisance and then you REALLY have some explaining to your boss when you miss the one that alerts you to a real problem!

In this case, it looks like there was a problem in the Bacula system that Kern repaired.

- Mike Schwager
  Linux Network Engineer, Mocho Trading LLC
  312-646-4783 Phone    312-637-0011 Cell    312-957-9804 Fax


This message is for the named person(s) use only. It may contain confidential proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please immediately delete it and all copies of it from your system, destroy any hard copies of it and notify the sender. You must not, directly or indirectly use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. Mocho Trading LLC reserves the right to monitor all e-mail communications through its networks. Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorized to state them to be the views of any such entity. 
------------------------------------------------------------------------------

_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Bacula-users] Catalog writing to wrong storage device, Adam Clark
Next by Date:  Re: [Bacula-users] Out of virtual tapes, Radosław Korzeniewski
Previous by Thread:  Re: [Bacula-users] Bacula daemon message- where did it come from?, Michael Schwager
Next by Thread:  Re: [Bacula-users] Bacula daemon message- where did it come from?, Michael Schwager
Indexes:  [Date] [Thread] [Top] [All Lists]