Auditing is one of the most important thing of every companies because is a way to understand what users do but what happen when is necessary keep under control our admins? In a scenario with one-man-band is very easy but when there are 2 or more IT Admins is very fundamental register every single activities. Backup is one of that software where audit is very important.
In Veeam Backup & Replication auditing is possible through Event Viewer: into the folder Veeam Backup we can find all the activities about our backup software. In particular, some of these EventID are:
- 23010 – New Job
- 23050 – Edit Job
- 23090 – Delete Job
To have a view of our Veeam servers it’s possible use this PowerShell script:
$Date = Get-Date 01/02/2016
$VeeamServer = “srv-veeam”
{
23010 {Write-Host $objItem.TimeGenerated, – , $objItem.Message}
23050 {Write-Host $objItem.TimeGenerated, – , $objItem.Message -ForegroundColor Yellow}
23090 {Write-Host $objItem.TimeGenerated, – , $objItem.Message -ForegroundColor Red}
}
}
Very faster but if we have System Center Operations Manager, it’s possible create new Rules to collect these EventID. An example is available here: Monitor Custom EventID
S
Follow on Socials