Microsoft NT Backup Event Logs
For the NT Backup Check we query the Windows Event Log on the local device over the preceding 24 hours to determine whether there are any occurrences of the monitored Events, 8001 (End Backup of 'System State') and 8019 (End Operation), reporting back their status.
We include the option to monitor where "Verify data after backup" (Event 8009) has been configured. Alerting when failure events are recorded that are not reflected in the backup completion status, but may affect the ability to restore from the backup set. Please note that "Verify data after backup" is enabled by default.
Where the monitored NTBackup Event type is recorded as "Information" we will report this as passed and where the monitored NTBackup Event type is recorded as "Error", or where none of the monitored Events are discovered, this is reported as failed.
We feel that it is prudent to alert to any failure events recorded in the backup, even where a success event is discovered, as this error may be an indication of a larger problem with the backup or the device.
Examples of the Informational and Error Events we monitor are included below:
|
Informational Events: |
Error Events: |
|
Event ID: 8001 |
Event ID: 8001 |
|
Event ID: 8019 |
Event ID: 8019 |
|
Event ID: 8009 Event Source NTBackup Event Type: Information Description: End Verify of 'N:' The operation was successfully completed. |
Event ID: 8009 |
Since the Backup Checks poll the device for the backup results, the results in N-sight RMM are those reported by the Backup software being monitored. If the reported result is Completed with Errors, Completed with Warnings, or a similar response, we recommend you investigate the device the problem and ensure the Backup software can backup the expected data sets.