• EN
Solved

Veeam O365 - exporting to log server

  • 1 February 2022
  • 8 comments
  • 270 views
A
Userlevel 2

We use Veeam Backup and Replication as well as Veeam for Office 365.

Whilst we have restricted access to our Veeam for O365 server to specific backup admins, our information security team have asked if it’s possible for the auditing logs to be fed to a log server outside of our team’s reach so that we can confidently say all of these actions are logged and an admin is unlikely to have tampered with the logs.

Basically, this isn’t about monitoring the backup jobs themselves, but we’re interested in recording that Admin1 opened Veeam Explorer for Microsoft Exchange, browsed to User23’s mailbox and opened X email in their Inbox. This can be reviewed by generating the logs, but we’re interested to find out if anyone has done this/it is possible to do this on a continual basis.

icon

Best answer by Mildur 1 February 2022, 14:32

View original

8 comments

Mildur
Userlevel 7
Badge +12

Hi @AnthonyM 

 

VBO365 doesn’t provide auditing logs like VBR.

But you can enable Auditing on specific Users. You must use VBO365 REST API to create an audit Item and you will get the mail notifications.

 

Creating Audit Items - Veeam Backup for Microsoft Office 365 REST API Reference

Product Management Analyst @ Veeam Software
A
Userlevel 2

Hi @AnthonyM 

 

VBO365 doesn’t provide auditing logs like VBR.

But you can enable Auditing on specific Users. You must use VBO365 REST API to create an audit Item and you will get the mail notifications.

 

Creating Audit Items - Veeam Backup for Microsoft Office 365 REST API Reference

That’s a great resource, thank you! So okay, not something out of the box but it sounds like this would be achievable.

Mildur
Userlevel 7
Badge +12

@AnthonyM

Your welcome.

There is a guide on the blog from @jorge.delacruz on how to enable it.

Veeam: Veeam Backup for Microsoft Office 365 v5 - Security Notifications for Restore operations - The Blog of Jorge de la Cruz

 

Product Management Analyst @ Veeam Software
jorge.delacruz
Userlevel 7
Badge +6

Hello, thanks a lot Mildur for linking to the blog post, that is top notch and have been used for a lot of Customers since it was released, I have been on a few conversations with a few with thousands of users each, and it was due the same requirement. To get the Restore Operations, not just on a normal logging tool, but as well on a more traditional Email Security Distribution List.

 

Here is a video about all of it, in case you prefer to consume the content as a video:

Ping me if you need any help.

Twitter: @jorgedlcruz / Web: https://jorgedelacruz.uk / vExpert: 2014-2022 / InfluxAce
A
Userlevel 2

This is great @jorge.delacruz - thanks for the write up!

marcofabbri
Userlevel 7
Badge +13

Hello, thanks a lot Mildur for linking to the blog post, that is top notch and have been used for a lot of Customers since it was released, I have been on a few conversations with a few with thousands of users each, and it was due the same requirement. To get the Restore Operations, not just on a normal logging tool, but as well on a more traditional Email Security Distribution List.

 

Here is a video about all of it, in case you prefer to consume the content as a video:

Ping me if you need any help.

Super useful @jorge.delacruz thank you

Backups are like pizza, I love them. | Linkedin: @marco-fabbri-it
SteveHeart
Userlevel 7
Badge +8

Have a look at this script:

 

 

A
Userlevel 2

Have a look at this script:

 

 

Thanks for this Steve - I was able to use this and modify it to enable auditing on all the items we need, it definitely saved me a lot of time compared to writing from scratch!

Comment


Terms & Conditions