Skip to content
Last updated July 2, 2026

Backups

The Backups page is where HostAtlas monitors the backup files you already write to disk. You point it at the folder where your dumps land, tell it how often you expect fresh files, and the agent keeps an eye on age, size, and — critically — the entropy of the files themselves so we can shout early if something looks like ransomware.

Open it from the sidebar under Monitoring → Backups, or at /backups.

Header KPIs: total monitors, OK, warning, critical.

For each backup monitor:

  • Name and target server.
  • Backup path — the directory being watched.
  • Latest file — filename, size, modification time.
  • Status — OK, warning (file is old or small), critical (file is missing, way too old, or entropy suggests encryption).
  • Suspicion badge — LOW / MEDIUM / HIGH / CRITICAL, based on the entropy analysis.

Filter by status via the toolbar.

  • New monitor — opens the create form.
  • Delete — removes the monitor. The files on disk are never touched.
  • Mark as encrypted — on the monitor detail, flag the path as intentionally encrypted (e.g. GPG / age output). This suppresses the ransomware false-positive without disabling the age / size checks.
FieldNotes
NameFree-form label.
ServerWhich host the folder lives on.
Backup pathAbsolute directory path, e.g. /var/backups/postgres.
Expected intervalHow often new backup files should appear, in seconds. Minimum one hour.
Minimum sizeReject anything smaller — catches truncated dumps.
Maximum ageAlert when the newest file is older than this.

Every discovery cycle (~15 minutes) the agent walks each configured backup path and captures:

  • The newest file’s name, size, and modification time.
  • Shannon entropy on the first 64 KB of every file, on a 0.0–8.0 scale.
    • Plain SQL, tar, and gzip archives sit well below 7.5.
    • Files encrypted by ransomware pin near 7.99.

The results push to HostAtlas, which compares them to the monitor thresholds and flips status:

  • Newest file older than the max age → warning or critical.
  • Newest file smaller than the min size → warning.
  • Newest file missing entirely → critical.
  • Entropy jump on a path that was previously low-entropy → suspicion badge escalates.

Backup alerts route through the standard Alert Rules engine. Available conditions: backup missing, backup too old, backup too small, entropy critical.

  • Backup Runs — active dashboard for hostatlas-backup CLI runs.
  • Offsite Backups — encrypted upload to our S3, with an entropy gate that refuses to ship compromised archives.
  • Databases — for on-demand dumps from the web UI.
Was this page helpful?