[Veeam ONE v12] Enhanced Security, and Audit visibility using Grafana

  • 16 February 2023
  • 5 comments
  • 256 views

Userlevel 7
Badge +6

Veeam ONE v12 has been launched, and it is massive! Among so many other great features, I would like to extend today and focus on this particular new security feature, Auditing, as per the What’s New:

When I saw that functionality, I was already so excited to see what level of audit we would have.

How to enable Veeam ONE v12 Auditing?

It is really easy under the Server Settings, you will find the section called Auditing, then mark what is most relevant for you. I would mark all of them:

After we enable them, we can quickly go to our traditional Microsoft Windows Events Log, and we will find a new section called Veeam ONE. Inside this category, we can find different events, with event category, etc.:

If you explore a bit more, you could filter by Event ID, so as a quick example:

  • Event ID: 10006 - These are authentication anomalies, meaning wrong user/password.
  • Event ID: 2 - These are usually Veeam ONE Settings changes, like a new password added, a new report saved/created, etc.
  • Event ID: 3 - These are usually Veeam ONE Infrastructure changes, like adding a new ESXi to monitor, resolving alarms, etc.

I hope you get the idea. This is absolutely superb!

The Art of the possible - Monitoring Veeam ONE Audit Events with telegraf, InfluxDB, and Grafana

I have recorded a video with the how-to get all these Windows Events Logs regarding Veeam ONE and quickly visualize them with Grafana, but of course, it can be something else.

After you follow all the steps, you should see something like the next Dashboard, which updates in pretty much real-time, perfect to be on top of the authentication anomalies:

Please share your thoughts about the new VONE Audit feature, and the “How-to monitor the Monitor” :) thanks a lot!


5 comments

Userlevel 7
Badge +20

This is great Jorge.  Love seeing more auditing coming in to the programs and VONE is a good one.  Thanks for sharing this.

Userlevel 7
Badge +7

@jorge.delacruz Good job with the new release of Veeam One!  I do like that Veeam One can drop audit log events into the MS Event Viewer.  There is a lot of potential there!

 

Userlevel 7
Badge +9

Thank you @jorge.delacruz 

Userlevel 7
Badge +10

Oh man! What a beauty post.

You become these things easier bringing information, pictures and video about the content.

Thanks for that!

Userlevel 7
Badge +6

Interesting!

Comment