Backups
The Backups page is where HostAtlas monitors the backup files you already write to disk. You point it at the folder where your dumps land, tell it how often you expect fresh files, and the agent keeps an eye on age, size, and — critically — the entropy of the files themselves so we can shout early if something looks like ransomware.
Open it from the sidebar under Monitoring → Backups, or at /backups.
What you see
Section titled “What you see”Header KPIs: total monitors, OK, warning, critical.
For each backup monitor:
- Name and target server.
- Backup path — the directory being watched.
- Latest file — filename, size, modification time.
- Status — OK, warning (file is old or small), critical (file is missing, way too old, or entropy suggests encryption).
- Suspicion badge — LOW / MEDIUM / HIGH / CRITICAL, based on the entropy analysis.
Filter by status via the toolbar.
What you can do
Section titled “What you can do”- New monitor — opens the create form.
- Delete — removes the monitor. The files on disk are never touched.
- Mark as encrypted — on the monitor detail, flag the path as intentionally encrypted (e.g. GPG / age output). This suppresses the ransomware false-positive without disabling the age / size checks.
Creating a backup monitor
Section titled “Creating a backup monitor”| Field | Notes |
|---|---|
| Name | Free-form label. |
| Server | Which host the folder lives on. |
| Backup path | Absolute directory path, e.g. /var/backups/postgres. |
| Expected interval | How often new backup files should appear, in seconds. Minimum one hour. |
| Minimum size | Reject anything smaller — catches truncated dumps. |
| Maximum age | Alert when the newest file is older than this. |
How it works
Section titled “How it works”Every discovery cycle (~15 minutes) the agent walks each configured backup path and captures:
- The newest file’s name, size, and modification time.
- Shannon entropy on the first 64 KB of every file, on a 0.0–8.0 scale.
- Plain SQL, tar, and gzip archives sit well below 7.5.
- Files encrypted by ransomware pin near 7.99.
The results push to HostAtlas, which compares them to the monitor thresholds and flips status:
- Newest file older than the max age → warning or critical.
- Newest file smaller than the min size → warning.
- Newest file missing entirely → critical.
- Entropy jump on a path that was previously low-entropy → suspicion badge escalates.
Notifications
Section titled “Notifications”Backup alerts route through the standard Alert Rules engine. Available conditions: backup missing, backup too old, backup too small, entropy critical.
Related
Section titled “Related”- Backup Runs — active dashboard for hostatlas-backup CLI runs.
- Offsite Backups — encrypted upload to our S3, with an entropy gate that refuses to ship compromised archives.
- Databases — for on-demand dumps from the web UI.