Veeam Backup & Replication: Audit Admin Task

Auditing is one of the most important thing of every companies because is a way to understand what users do but what happen when is necessary keep under control our admins? In a scenario with one-man-band is very easy but when there are 2 or more IT Admins is very fundamental register every single activities. Backup is one of that software where audit is very important.


In Veeam Backup & Replication auditing is possible through Event Viewer: into the folder Veeam Backup we can find all the activities about our backup software. In particular, some of these EventID are:


  • 23010 – New Job
  • 23050 – Edit Job
  • 23090 – Delete Job


To have a view of our Veeam servers it’s possible use this PowerShell script:


$Date = Get-Date 01/02/2016
$VeeamServer = “srv-veeam”

$colItems = Get-EventLog -LogName “Veeam Backup” -Source “Veeam MP” -After $Date -EntryType Information -ComputerName $VeeamServer | Where InstanceId -like ‘230*’ | Select-Object TimeGenerated,InstanceId,Message
foreach ($objItem in $colItems) {
switch ($objItem.InstanceId)
        23010 {Write-Host $objItem.TimeGenerated,  – , $objItem.Message}
        23050 {Write-Host $objItem.TimeGenerated,  – , $objItem.Message -ForegroundColor Yellow}
        23090 {Write-Host $objItem.TimeGenerated,  – , $objItem.Message -ForegroundColor Red}


Very faster but if we have System Center Operations Manager, it’s possible create new Rules to collect these EventID. An example is available here: Monitor Custom EventID