Objective

Prerequisites

• EventLog Analyzer build version has to be 12570 or above. If you current version is less than the mentioned, you can Upgrade to the latest version of EventLog Analyzer
• Access to market place URL mentioned below to download the extension.

• Administrator Access to user interface to install the extension.
• Veeam Data Platform Advanced or Premium license that supports syslog event forwarding
• Availability of Syslog ports as per Listener Ports

Steps to follow

• Download and Enable Extension for Veeam
• Onboard Veeam in EventLog Analyzer
• Enable Rules for Veeam monitoring
• Enable Alerts for Veeam Alerting

1. Download the "Veeam for Log360" extension from ManageEngine Marketplace. 
2. Open EventLog Analyzer User Interface and navigate to Settings >> Admin Settings >> Installed Extensions >> Install Extension.
3. Choose Browse button, browse the downloaded file and upload it to install or update the extension.
4. Choose Continue to Install.
5. By default, all the provided capabilities of this plugin will be enabled if you would like to customize them, choose Customize.

6. Choose Continue to Install.

7. Once the extension is installed, EventLog Analyzer is now equipped with capabilities to monitor and detect Veeam log source.
   

• Event forwarding in Veeam ONE
• Event forwarding in Veeam Backup & Replication

1. Open Veeam ONE Client and navigate to Server Settings > Syslog.
2. Check Enable Syslog.
3. In Syslog server, enter the Hostname or IP of the EventLog Analyzer server in the log source.
4. Select mail under the Syslog facility dropdown.
5. Choose UDP or TCP under the Syslog transport dropdown.
6. Enter a port in which the EventLog Analyzer server is listening for Syslogs.
7. Check all options under Syslog audit events to enable comprehensive search and reporting in EventLog Analyzer.
8. Click OK to save the configuration.

1. Open Veeam Backup & Replication Console and go to Options > Event Forwarding.
2. Click Add under Syslog servers to configure a Syslog server.
3. In the Server field, provide the Hostname or IP of the EventLog Analyzer server.
4. Enter a port in which the EventLog Analyzer server is listening for Syslogs.
5. Select UDP or TCP under the Transport dropdown.
6. Click OK to add the syslog server, then click Apply to save changes.

6. Once the log packet reached the application, the log collection will start automatically and you will be able to see the events in Reports, Search tab etc.
7. You can see the Veeam reports under Reports >> Custom Reports catagory.

2. Click Redirect near Manage Rules.

1. After configuring the log source, navigate to Settings > Marketplace > Installed Extensions. Click Manage under configuration to open the Manage Configuration page.

2. Click Redirect next to Alert Profiles to navigate to the Alerts tab. Extension alert profiles appear under Custom Alert Profiles. Use the Created By column to identify Veeam alert profiles.

3. Browse the available alert profiles and enable the required ones.

Tips

1. Download the extension and add the Veeam device before performing syslog configuration.
2. Ensure to forward the syslogs to EventLog Analyzer/Log360 or the agent for which you are planning to associate by enabling the required Listener Ports.
3. EventLog Analyzer/Log360 offers the following auditing capabilities while auditing Veeam.

• MFA management
• Password and credential management
• Four-eyes authorization events

• User and group management

• Malware detection configuration changes
• Malware detection session completion events
• Malware activity detection events
• Malware remediation actions

• Global network traffic rule changes
• Global VM exclusion changes
• General settings changes
• Host configurations

• Job sessions history
• Job configurations
• Restore sessions history

• Failover plan management
• Failover plan execution history
• Infrastructure location changes

• License updates

Related Article