Reports

Once BGuardian completes the different analysis that has been configured for it will produce a report of what has been found in different formats:

  • It will directly output the detailed information to STDOUT in human-friendly text format. If it was invoked from a job, these output will be visible in the joblog.

  • It will produce a computer-friendly report inside the configured reports_path, this is in json format.

  • It will produce a friendly HTML report with the essential information inside the configured reports_path.

Text and json reports will contain the following data:

  • A summary of the services that were run

  • Produced errors, if any

  • Version of BGuardian

  • Date of the report

  • Summary of the configuration used

  • Summary of alerts generated

  • List of issues found organized by service

  • Totals for ignored results, passed checks and alerts

  • Paths of the generated Reports

In general, the format of the issues is structured like this:

Events Configuration
Severity | Code | Entity+Details | Description.

Where:

  • Severity: Reflects the relative relevance of the issue. It can be High, Medium or Low

  • Code: Identifies the issue in a unique form. This code can be used to call the alerts function and ignore the issue in future executions

  • Entity and details will represent the element affected by the issue (usually a job, a daemon name or a user).

  • Description: Shows a message describing the situation

Below there is an output text example:

BGuardian Example
$ sudo -u bacula /bin/bash /opt/bacula/bin/bguardian
Cleaning old reports in /tmp/regress/working/bguardian/.reports...
Running service: configurationsecurity
Running service: deviation
Running service: successratio
Running service: failedinarow
Running service: empty
Running service: nocopy
Alert: GNC__guardianjob partially recovered:GuardianJob
Alert: GNC__guardianjob recovered
Running service: noverify
Alert: GNV__guardianjob partially recovered:GuardianJob
Alert: GNV__guardianjob recovered
Running service: restorefrequency
Running service: nototp
bweb_user not found
======================== BGUARDIAN Report ========================
Version: 1.0.0
Report Date: 2023-06-16 12:23:21
================ Config ================
ALERT_OPERATION : LIST
MODE : CHECK
REPORTS_KEEP_NUMBER : 100
SUCCESS_SEVERITY_LOW_LIMIT : 0.6
DEV_MIN_EXECUTIONS : 5
DEV_INCLUDE_BY_AVG : true
...
========================================
========== Active alerts ===========
GC__CATA | LOW | Service: configurationsecurity | Entity: catalog_backup
GC__CONF | LOW | Service: configurationsecurity | Entity: config_backup
GC__CONS | LOW | Service: configurationsecurity | Entity: consoles
GC__COPY | LOW | Service: configurationsecurity | Entity: copy
GC__EVEN | LOW | Service: configurationsecurity | Entity: events
GC__MALW | LOW | Service: configurationsecurity | Entity: malware
GC__PASS | LOW | Service: configurationsecurity | Entity: passwords
GC__PERM | LOW | Service: configurationsecurity | Entity: permissions
GC__REST | LOW | Service: configurationsecurity | Entity: restore
GC__SECU | LOW | Service: configurationsecurity | Entity: security_plugin
GC__VERI | LOW | Service: configurationsecurity | Entity: verify
GRF__guardianjob | LOW | Service: restorefrequency | Entity: guardianjob
GSR__guardianjob | LOW | Service: successratio | Entity: guardianjob
=====================================
############### Service: Configuration security ###############
HIGH | GC__CONF | Catalog Backup Job executions : Catalog Backup Job was not run last 10 days
HIGH | GC__CATA | Config Backup Job executions : Config Backup Job was not run last 10 days
MEDIUM | GC__COPY | 2-Tier Jobs executions : 2-Tier Jobs (Copy or Migration) were not run last 15 days
MEDIUM | GC__EVEN | Audit events : Events are not enabled in any Director Message resource. They are important to keep track of important events related with security
MEDIUM | GC__PASS__Fileset_MySQLDumpUser | Not protected plugin password : Fileset_MySQLDumpUser contains a password or key directly inside the plugin line. It's recommended to store it in an external protected file
MEDIUM | GC__PERM__/opt/bacula/lib | Too open permissions : Too open permissions found for path: /opt/bacula/lib
MEDIUM | GC__VERI | Verify Jobs executions : Verify Jobs were not run last 30 days
LOW | GC__MALW__GuardianJob | Malware protection : GuardianJob has not enabled Malware protection. It could be enabled, as fileset signature is compatible
LOW | GC__SECU__127.0.0.1-fd | Plugin security usage : 127.0.0.1-fd has no installed plugin security. This is recommended for security reasons
LOW | GC__REST | Restore Jobs executions : Restore Jobs were not run last 30 days
LOW | GC__CONS | Restricted consoles : No restricted console was found. If external connections are allowed, it is recommended to use restricted consoles for them
############### Service: Success Ratio ###############
LOW | GSR__GuardianJob | Job: GuardianJob | Executions: 11 | Ratio: 63,6%
############### Service: Restore frequency ###############
MEDIUM | GRF__GuardianJob | Job: GuardianJob | Executions: 7 | Restores: 0 | Ratio: 0
========================================
Ignored results: 0
Passed checks: 11
Alerts: 13
==================================================================
Json report built in: /tmp/regress/working/bguardian/.reports/Report__2023-06-16_122324.json
Html report built in: /tmp/regress/working/bguardian/.reports/Report__2023-06-16_122324.html

The HTML report will reflect the issue information in a summarized way, with collapsible blocks with a more friendly format. It is also possible to see a summary of the issues grouped by severity.

Here we show an example HTML report:

BGuardian HTML Report

BGuardian HTML Report

For the deviation service, not that it will visually mark what value (from files, size or time) has been increased or decreased significantly enough to select and include the job into the report.

In future versions of Bacula, the Web User Interface will interpret this information and also make it directly accessible through the Web layer.

BGuardian will generate one json report and one html report for every execution by default. By default, will keep 100 reports of each kind before removing the oldest ones. This report rotation capability can be adjusted with the parameter reports_keep_number.

Go back to the main operations page.