
Verifying Backup Exec is performing encryption operations

MJ_Santor
Level 3

Is there a log file stashed someplace that can be viewed to verify that data is indeed being encrypted? Looking for a way to determine this without going through and deleting/changing the keys and would think that something should show up in a log to present either status or progress?

11 REPLIES

pkh
Moderator
   VIP    Certified
No. There is nothing in the job log that will show that the data is being encrypted. Check your job property. You can add this requirement as an idea in the Ideas section.

MJ_Santor
Level 3

Does that go for any of the logs that Backup exec generates aside from the job log?

Sush---
Level 6
Employee Accredited Certified
Hello MJ,

You can enable sgmon debugging, which will give you the required information. SGmon debugging is used by Technical Support engineers to troubleshoot the issue.

To run Sgmon go to C:\Program Files\Symantec\Backup Exec\sgmon.exe

When the new window opens, select the following:

-Job Engine, Raws
-BE Server
-Device n Media
-capture to file

Run the job which needs to be verified. Then a log file in format -sgmon.log will be created in the Logs folder under the Backup Exec folder. You can open this log and check if encryption is used.

Note: you need to read the logs carefully to get accurate results.

Regards,
-Sush...

Larry_Fine
Level 6
   VIP   

The job log will show your encryption selections and the results.

 

Backup Options
Media operation - Append to media, overwrite if no appendable media is available.

Compression Type: Hardware [if available, otherwise none]

Encryption Type: Hardware

 

Backup Set Summary
Backed up 2 files in 2 directories.
Processed 2,147,484,508 bytes in  1 minute and  3 seconds.
Throughput rate: 1950 MB/min
Compression Type: Hardware
Encryption Type: Hardware
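A way to automate the job log check described in the post above, as an added example that is not part of the original thread and not Backup Exec tooling. It assumes the job log text uses the section headers and "Encryption Type:" lines shown in the excerpt, and that an unencrypted job reports "None" or omits the line; the function names and verdict strings are made up for this sketch.

```python
import re

# Section headers as they appear in the job log excerpt quoted above.
SECTIONS = ("Backup Options", "Backup Set Summary")
ENC_LINE = re.compile(r"^\s*Encryption Type:\s*(.*?)\s*$", re.IGNORECASE)
# Assumption: an unencrypted job logs "None" or leaves the line out.
UNENCRYPTED = {"", "none"}

def encryption_by_section(log_text):
    """Map each section name to one value (or None) per occurrence."""
    found = {name: [] for name in SECTIONS}
    current = None
    for line in log_text.splitlines():
        if line.strip() in SECTIONS:
            current = line.strip()
            found[current].append(None)  # placeholder until the line is seen
        elif current and (m := ENC_LINE.match(line)):
            found[current][-1] = m.group(1)
    return found

def is_encrypted(value):
    return value is not None and value.lower() not in UNENCRYPTED

def audit(log_text):
    found = encryption_by_section(log_text)
    results = found["Backup Set Summary"]
    if not results:
        return "NO_SUMMARY"        # job never produced a backup set
    if all(is_encrypted(v) for v in results):
        return "ENCRYPTED"
    if any(is_encrypted(v) for v in found["Backup Options"]):
        return "MISMATCH"          # requested, but a set reports none
    return "NOT_ENCRYPTED"

# Constructed sample, trimmed from the excerpt quoted in this thread.
SAMPLE_OK = """\
Backup Options
Compression Type: Hardware [if available, otherwise none]
Encryption Type: Hardware

Backup Set Summary
Encryption Type: Hardware
"""
# Constructed failure case: the last set summary reports no encryption.
SAMPLE_MISMATCH = "Encryption Type: None".join(
    SAMPLE_OK.rsplit("Encryption Type: Hardware", 1))

if __name__ == "__main__":
    print(audit(SAMPLE_OK), audit(SAMPLE_MISMATCH))
```

The verdict only reflects what the job log states, so it complements rather than replaces a periodic test restore.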

 

MJ_Santor
Level 3

Is that enough to say that the data going onto that media from that particular job IS being encrypted?

Biker_Dude
Level 5
Employee

The sgmon log mentioned above will have SPOUT (Security Protocol Output) commands listed. Tape drives supporting encryption use this SCSI command to encrypt the data before it is written to tape.

Here's a document from HP that explains what goes on behind the scenes:

http://h20195.www2.hp.com/V2/GetPDF.aspx%2F4AA1-4878ENW.pdf

I am sure there is one out there from IBM too.

Larry_Fine
Level 6
   VIP   

I assume that depends upon your needs and level of trust.

Some folks verify every single tape is encrypted.  Some folks verify that it encrypted one test tape once upon a time.  Some folks totally trust the job log.  Some folks verify it when they test their off-site restore capability.

FWIW, I haven't heard of anybody saying the job log was not reliable in this regard.

Sush---
Level 6
Employee Accredited Certified
Well, if you still want to completely ensure that data is getting encrypted during backups, then you build another media server and try to restore from the encrypted tapes. This will either fail the job or ask for the encryption key. This will be some manual process but sure enough you will get the required results.

Thanks,
-Sush...

pkh
Moderator
   VIP    Certified
If you read his original post you would see that he is aware of how to test whether the backup set is encrypted. He wanted an easier way to verify that encryption had taken place.

MJ_Santor
Level 3

Correct. My reasoning for looking for something simple like a log file is to be able to determine if some of our sites are indeed encrypting their backups as mandated. A simple file would make it much easier and less intrusive for me to get the information I need instead of removing keys and running extra jobs, to prevent creating a visible audit trail along with suspicions and, in return, people trying to cover their tracks for something they are mandated to do but aren't.

Larry_Fine
Level 6
   VIP   

No. There is nothing in the job log that will show that the data is being encrypted.

Not correct.