968e0a7b3d
Addresses issue #861 - syslog flooded on docker host Many routine operational messages were being logged at INFO level, causing excessive log volume when monitoring multiple VMs/containers. These messages are now logged at DEBUG level: - Guest threshold checking (every guest, every poll cycle) - Storage threshold checking (every storage, every poll cycle) - Host agent linking messages - Filesystem inclusion in disk calculation - Guest agent disk usage replacement - Polling start/completion messages - Alert cleanup and save messages Users can set LOG_LEVEL=debug to see these messages if needed for troubleshooting. The default INFO level now produces significantly less log output. Also updated documentation in CONFIGURATION.md and DOCKER.md to: - Clarify what each log level includes - Add tip about using LOG_LEVEL=warn for minimal logging
6.1 KiB
⚙️ Configuration Guide
Pulse uses a split-configuration model to ensure security and flexibility.
| File | Purpose | Security Level |
|---|---|---|
.env |
Authentication & Secrets | 🔒 Critical (Read-only by owner) |
system.json |
General Settings | 📝 Standard |
nodes.enc |
Node Credentials | 🔒 Encrypted (AES-256-GCM) |
alerts.json |
Alert Rules | 📝 Standard |
email.enc |
SMTP settings | 🔒 Encrypted |
webhooks.enc |
Webhook URLs + headers | 🔒 Encrypted |
apprise.enc |
Apprise notification config | 🔒 Encrypted |
oidc.enc |
OIDC provider config | 🔒 Encrypted |
api_tokens.json |
API token records (hashed) | 🔒 Sensitive |
ai.enc |
AI settings and credentials | 🔒 Encrypted |
metrics.db |
Persistent metrics history (SQLite) | 📝 Standard |
All files are located in /etc/pulse/ (Systemd) or /data/ (Docker/Kubernetes).
🔐 Authentication (.env)
This file controls access to Pulse. It is never exposed to the UI.
# /etc/pulse/.env
# Admin Credentials (bcrypt hashed)
PULSE_AUTH_USER='admin'
PULSE_AUTH_PASS='$2a$12$...'
# API Tokens (comma-separated)
API_TOKENS='token1,token2'
Advanced: Automated Setup (Skip UI)
You can pre-configure Pulse by setting environment variables. Plain text credentials are automatically hashed on startup.
# Docker Example
docker run -d \
-e PULSE_AUTH_USER=admin \
-e PULSE_AUTH_PASS=secret123 \
-e API_TOKENS=ci-token,agent-token \
rcourtman/pulse:latest
Advanced: OIDC / SSO
Configure Single Sign-On in Settings → Security → Single Sign-On, or use environment variables to lock the configuration.
See OIDC Documentation and Proxy Auth for details.
🖥️ System Settings (system.json)
Controls runtime behavior like ports, logging, and polling intervals. Most of these can be changed in Settings → System.
Full Configuration Reference
{
"pvePollingInterval": 10, // Seconds
"backendPort": 3000, // Internal port (default: 3000)
"frontendPort": 7655, // Public port
"logLevel": "info", // debug, info, warn, error
"autoUpdateEnabled": false, // Enable auto-update checks
"adaptivePollingEnabled": false // Smart polling for large clusters
}
Note
:
logFormatis only configurable via theLOG_FORMATenvironment variable, not insystem.json.
Common Overrides (Environment Variables)
Environment variables take precedence over system.json.
| Variable | Description | Default |
|---|---|---|
FRONTEND_PORT |
Public listening port | 7655 |
LOG_LEVEL |
Log verbosity (see below) | info |
LOG_FORMAT |
Log output format (auto, json, console) |
auto |
Log Levels
| Level | Description |
|---|---|
error |
Only errors and critical issues |
warn |
Errors + warnings (recommended for minimal logging) |
info |
Standard operational messages (startup, connections, alerts) |
debug |
Verbose output including per-guest/storage polling details |
Tip
: If your syslog is being flooded with Pulse messages, set
LOG_LEVEL=warnto significantly reduce log volume while still capturing important events. |PULSE_PUBLIC_URL| Public URL for notifications/OIDC |""| |ALLOWED_ORIGINS| CORS allowed domains |""(Same origin) | |DISCOVERY_ENABLED| Auto-discover nodes |false| |PULSE_ENABLE_SENSOR_PROXY| Enable legacypulse-sensor-proxyendpoints (deprecated, unsupported) |false| |PULSE_AUTH_HIDE_LOCAL_LOGIN| Hide username/password form |false| |DEMO_MODE| Enable read-only demo mode |false|
Monitoring Overrides
| Variable | Description | Default |
|---|---|---|
PVE_POLLING_INTERVAL |
PVE metrics polling frequency | 10s |
PBS_POLLING_INTERVAL |
PBS metrics polling frequency | 60s |
PMG_POLLING_INTERVAL |
PMG metrics polling frequency | 60s |
ENABLE_BACKUP_POLLING |
Enable backup job monitoring | true |
BACKUP_POLLING_INTERVAL |
Backup polling frequency | 0 (Auto) |
ENABLE_TEMPERATURE_MONITORING |
Enable temperature monitoring (where supported) | true |
SSH_PORT |
SSH port for legacy SSH-based temperature collection | 22 |
ADAPTIVE_POLLING_ENABLED |
Enable smart polling for large clusters | false |
WEBHOOK_BATCH_DELAY |
Delay before sending batched webhooks | 10s |
Metrics Retention (Tiered)
Persistent metrics history uses tiered retention windows. These values are stored in system.json and can be adjusted for storage vs history depth:
metricsRetentionRawHoursmetricsRetentionMinuteHoursmetricsRetentionHourlyDaysmetricsRetentionDailyDays
See METRICS_HISTORY.md for details.
🔔 Alerts (alerts.json)
Pulse uses a powerful alerting engine with hysteresis (separate trigger/clear thresholds) to prevent flapping.
Managed via UI: Settings → Alerts → Thresholds
Manual Configuration (JSON)
{
"guestDefaults": {
"cpu": { "trigger": 90, "clear": 80 },
"memory": { "trigger": 85, "clear": 72.5 }
},
"schedule": {
"quietHours": {
"enabled": true,
"start": "22:00",
"end": "06:00"
}
}
}
🔒 HTTPS / TLS
Enable HTTPS by providing certificate files via environment variables.
# Systemd
HTTPS_ENABLED=true
TLS_CERT_FILE=/etc/pulse/cert.pem
TLS_KEY_FILE=/etc/pulse/key.pem
# Docker
docker run -e HTTPS_ENABLED=true \
-v /path/to/certs:/certs \
-e TLS_CERT_FILE=/certs/cert.pem \
-e TLS_KEY_FILE=/certs/key.pem ...
🛡️ Security Best Practices
- Permissions: Ensure
.envandnodes.encare600(read/write by owner only). - Backups: Back up
.envseparately fromsystem.json. - Tokens: Use scoped API tokens for agents instead of the admin password.