-
Notifications
You must be signed in to change notification settings - Fork 8
Creating a sppmon.conf file
The config files are used to set up the data collection for one SPP-System.
Therefore each SPP-System requires its own .config-file.
It is not required or recommended to have multiple InfluxDB instances.
Each config file contains all required information to connect to the REST-API and all other SPP components like the associated vSnaps and VADPs, as well as other components like Office365 Cloudproxies. That includes passwords and usernames. The config files should be handled with care.
It is planned to switch to auth-tokes, but this isn't scheduled yet
The following page explains how to configure the file and insert the required information.
It is possible to semi-automatically create config files by using a stand-alone script from the install script.
Execute python3 ./scripts/addConfigFile.py
SPPMon uses the REST-API of SPP to query protection, system, and job data. These pieces of information fill about two-thirds of all Grafana dashboard panels.
Though, not all data is available via the REST-API: Process-CPU-Usages and storage information is only available via "regular" commands, which are executed via SSH.
To execute these commands, a dedicated login onto each system is required:
The server itself, any associated vSnaps, VADPs, and other hosts.
This access is not mandatory by itself, but a lot of information is lost if it is missing.
It is therefore highly recommended to create a sppmon user for each component and add them into the config file.
Any config files should be placed within the spectrum-protect-sppmon/config_files folder, including these you manually create.
All files created by the [install script] are only readable by root.
The spectrum-protect-sppmon/config_files folder contains a file named sppconnections_default.conf, which is a example of a config file. Do not edit or use this example file for SPPMon execution.
You can copy its content into a new .conf file and then modify it.
Please name the file according to the SPP-Server you are observing:
cp ./config_files/sppconnections_default.conf ./config_files/mySppServerName.conf
The config file is structured as a .json file.
It consists of multiple key-value pairs, which require a certain syntax.
If any errors occur, please check first for a missing comma or bracket.
The config file contains the following main sections:
-
"sppServer": Informations about the REST-API and the server itself. -
"influxDB": Informations about the InfluxDB and how to connect to it. -
"sshclients": SSH-Login information about each SPP-components-client
The first two require a dictionary ( curly brackets {}) as value, while the last one is a list ( square brackets []) of dictionaries. In the following sections, each of these parts is explained in detail.
Please create a user to query the SPP-Server.
-
username-string: name of the user to be logged in into the REST-API. -
password-string: plain text password of the user to be logged in. -
srv_address-string: address of the SPP-Server. It can be an IP address or a URL. Do not prependhttp/httpsor append the port. -
srv_port-int: port to the REST-API. Defaults to433. -
jobLog_retention-string, optional: time until old joblogs gets deleted. Defaults to60d.Refer to this website for the format of the
jobLog_retentionstring.
Example:
{
"sppServer": {
"username": "sppreader",
"password": "my_secret_password",
"srv_address": "host.of.spp.server.com",
"srv_port": 443,
"jobLog_retention": "60d"
},
"influxDB":{...},
"sshclients": [..]
}It is required to create the GrafanaReader.
-
username-string: name of the user to be logged in into the InfluxDB. UseGrafanaReader. -
password-string: plain text password of the user to be logged in. -
ssl-boolean:trueorfalse, whether ssl encryption is used.trueis recommended.Refer to the InfluxDB https guide how to set it up.
-
verify_ssl-boolean:trueorfalsewhether to verify the ssl connection. usefalseif you are using a self-signed cert.This is optional if
sslis set tofalse. -
srv_port-int: port to the InfluxDB. Defaults to8086. -
srv_address-string: address of the InfluxDB. It can be an IP address or a URL. Do not prependhttp/httpsor append the port. -
dbName-string: The name of the SPP-Server, should be identical to the config-file name and allow easy identification of the server.Don't use
sppmonas dbName. Please use a name to quickly identify this server. This simplifies the monitoring of multiple spp-server at once.
It is recommended that you use a single InfluxDB instance for multiple SPP-Server.
Each SPP-Server requires a different dbName which allows easy identification.
The database will get created by the first python execution of SPPmon.
You may monitor multiple SPP-Servers via Grafana by using a single InfluxDB instance. It is required to add each SPP-Server as an individual data source into Grafana.
Example:
{
"sppServer": {...
},
"influxDB":{
"username": "influx_reader_writer",
"password": "my_other_secret_passw0rd",
"ssl": true,
"verify_ssl": false,
"srv_port": 8086,
"srv_address": "host.of.influx.database.com",
"dbName": "spp_server_name"
},
"sshclients": [...]
}It is required to create dedicated users for SSH access first. It is required to add any component, like the server itself, vSnap, VADP, and other clients like Office365-Cloudproxies, to this list.
-
username-string: name of the ssh client -
srv_address-string: address of the ssh client. It can be an IP address or a URL. Do not prependhttp/httpsor append the port. -
srv_port-int: port to the ssh client. Defaults to22. -
username-string: name of the user to log in. Requires specialsudorights.Refer to our user management for setup.
-
password-string: plain text password of the user to be logged in. -
type-string: type of the SSH Client, explained below. -
skip_cmds-List[str], optional: List of commands to be skipped for only this ssh client.No exact match is required, for example
["mpstat", "ps"]will match anyps -abcdcommand and skip it.\
SPPMon currently supports 5 different ssh-types:
-
server- executes special commands for the server -
vsnap- aquire vsnap special statistics -
vadp- aquire vadp special staistics -
cloudproxy- aquire cloudproxy special staistics (like an office365 backup client) -
other- general statistics if nothing else is possible
If you use the build-in vSnap of your SPP-Server, please specify the SPP-Server twice.
Once as server and once as vsnap.
You may add multiple comma-delimited clients to the list.
Example:
{
"sppServer": {...
},
"influxDB":{...
},
"sshclients": [
{
"name" : "sppServer",
"srv_address" : "000.000.0.0",
"srv_port" : 22,
"username" : "xxx",
"password" : "xxx",
"type" : "server",
"skip_cmds" : []
},
{
"name" : "sppServer",
"srv_address" : "000.000.0.0",
"srv_port" : 22,
"username" : "xxx",
"password" : "xxx",
"type" : "vsnap",
"skip_cmds" : []
},
{
"name" : "vsnap2",
"srv_address" : "000.000.0.0",
"srv_port" : 22,
"username" : "xxx",
"password" : "xxx",
"type" : "vsnap",
"skip_cmds" : []
},
{
"name" : "otherSRV",
"srv_address" : "000.000.0.0",
"srv_port" : 22,
"username" : "xxx",
"password" : "xxx",
"type" : "other",
"skip_cmds" : []
},
{
"name" : "vadp",
"srv_address" : "000.000.0.0",
"srv_port" : 22,
"username" : "xxx",
"password" : "xxx",
"type" : "vadp",
"skip_cmds" : []
},
{
"name" : "office365 backup client 1",
"srv_address" : "000.000.0.0",
"srv_port" : 22,
"username" : "xxx",
"password" : "xxx",
"type" : "cloudproxy",
"skip_cmds" : []
}
]
}- Home
- Frequently asked Questions
- Overview of users
- Contact us
- Share Snapshots of Grafana
- SPPMon Command line arguments
- SPPCheck Command line arguments
- SPPCheck Export PDF Report
- Install Overview
- System Requirements
- Getting SPPMon Source Code
- Create dedicated user accounts in SPP server, vSnap, and VADP
- Create grafana users
- Import Grafana Dashboards