cancel
Showing results forΒ 
Search instead forΒ 
Did you mean:Β 

Daily report of changes - are you doing this?

Genericus
Moderator
Moderator
   VIP   

SO - I run this script daily - it shows changes - who updated policy, etc...

I am on unix, so I use crontab

### # nbchanges audit script
### 58 23 * * * /var/adm/scripts/nbchanges.ksh > /dev/null 2>&1

# daily report files
DATE=`/bin/date +%m/%d/%Y`
YYYYMMDD=`/bin/date +%Y%m%d`
sleep 121
# Total changes
echo "Report of NetBackup Changes for " $DATE > /usr/openv/tmp/nb.changes.total.$YYYYMMDD
/usr/openv/netbackup/bin/admincmd/nbauditreport -sdate $DATE >> /usr/openv/tmp/nb.changes.total.$YYYYMMDD
# Changes - Remove automated processes
echo "Report of NetBackup Changes for " $DATE > /usr/openv/tmp/nb.changes.$YYYYMMDD
/usr/openv/netbackup/bin/admincmd/nbauditreport -sdate $DATE | /usr/bin/grep -v "root@master" | /usr/bin/grep -v "Automatic" >> /usr/openv/tmp/nb.changes.$YYYYMMDD
# policy changes
echo "Report of NetBackup Policy Changes for " $DATE > /usr/openv/tmp/nb.policy.changes.$YYYYMMDD
/usr/openv/netbackup/bin/admincmd/nbauditreport -sdate $DATE -ctgy POLICY >> /usr/openv/tmp/nb.policy.changes.$YYYYMMDD

# add tag line to know where it came from!
echo /usr/openv/tmp/nb.changes.$YYYYMMDD
echo /usr/openv/tmp/nb.changes.$YYYYMMDD
echo "This email was generated by script /var/adm/scripts/nbchanges.ksh on server master" >> /usr/openv/tmp/nb.changes .$YYYYMMDD
echo "Run from crontab 58 23 * * * /var/adm/scripts/nbchanges.ksh > /dev/null 2>&1" >> /usr/openv/tmp/nb.changes.$YYYYM MDD

Output like:

Report of NetBackup Policy Changes for  06/01/2022

TIMESTAMP                USER                                DESCRIPTION

06/01/22 14:35:28        e2000018@lorenzo.cbc.local          Include list settings of Policy 'STORAGE.cbcnas_mssql.PROD' were modified

06/01/22 14:35:28        e2000018@lorenzo.cbc.local          Include list settings of Policy 'STORAGE.cbcnas_mssql.PROD' were modified

06/01/22 09:34:32        e2000018@lorenzo.cbc.local          Attributes of Policy 'STORAGE.nas11udpp_apmdt.PROD' were modified

06/01/22 09:33:36        e2000018@lorenzo.cbc.local          Include list settings of Policy 'STORAGE.nas11udpp_apmdt.PROD' were modified

06/01/22 07:34:13        e2000016@lorenzo.cbc.local          Policy 'DELETED.CLIENTS' was saved but no changes were detected

06/01/22 07:34:13        e2000016@lorenzo.cbc.local          Client '20220601.exalog01ulap.cbc.local' was added to Policy 'DELETED.CLIENTS'

06/01/22 07:34:12        e2000016@lorenzo.cbc.local          Policy 'DELETED.CLIENTS' was saved but no changes were detected

06/01/22 07:34:12        e2000016@lorenzo.cbc.local          Client 'exalog01ulap.cbc.local' was deleted from Policy 'DELETED.CLIENTS'

06/01/22 07:34:04        e2000016@lorenzo.cbc.local          Client 'exalog01ulap.cbc.local' was deleted from Policy 'VMWARE.Daily-B.PROD'

06/01/22 07:34:00        e2000016@lorenzo.cbc.local          Client 'exalog01ulap.cbc.local' was added to Policy 'DELETED.CLIENTS'

 

Audit records fetched: 10

 

This email was generated by script /var/adm/scripts/nbchanges.ksh on server lorenzo

Run from crontab 58 23 * * * /var/adm/scripts/nbchanges.ksh > /dev/null 2>&1

 

also output like

Report of NetBackup Changes for  06/01/2022

TIMESTAMP                USER                                DESCRIPTION

06/01/22 15:18:20        dreid.1@lorenzo                     User 'dreid.1' was successfully authenticated with host 'lorenzo'

06/01/22 14:35:28        e2000018@lorenzo.cbc.local          Include list settings of Policy 'STORAGE.cbcnas_mssql.PROD' were modified

06/01/22 14:35:28        e2000018@lorenzo.cbc.local          Include list settings of Policy 'STORAGE.cbcnas_mssql.PROD' were modified

06/01/22 09:34:32        e2000018@lorenzo.cbc.local          Attributes of Policy 'STORAGE.nas11udpp_apmdt.PROD' were modified

06/01/22 09:33:36        e2000018@lorenzo.cbc.local          Include list settings of Policy 'STORAGE.nas11udpp_apmdt.PROD' were modified

06/01/22 08:08:00        e2000049@lorenzo                    User 'e2000049@lorenzo' is logged out.

06/01/22 02:47:08        fa5a961c-385e-43fb-b14b-06343af1a0c Certificate was successfully renewed for host 'innsqlcda01uwdp-backup.cbc.local'

06/01/22 01:38:10        nbapisan@lorenzo                    User 'nbapisan' authenticated successfully

 

Audit records fetched: 583

 

This email was generated by script /var/adm/scripts/nbchanges.ksh on server lorenzo

Run from crontab 58 23 * * * /var/adm/scripts/nbchanges.ksh > /dev/null 2>&1

 

 

NetBackup 9.1.0.1 on Solaris 11, writing to Data Domain 9800 7.7.4.0
duplicating via SLP to LTO5 & LTO8 in SL8500 via ACSLS
4 REPLIES 4

quebek
Moderator
Moderator
   VIP    Certified

Hey

I am doing something similar, like dumping all policies to a file on each day and comparing that with the previous.

About audit trials - these I am calling from OpsCenter.

admin_bkp007
Level 4

I'm using this from Opscenter, all jobs was changed send e-mail to validate it .. that's nice option.

X2
Moderator
Moderator
   VIP   

I also monitor backup policies daily as they are the ones which are changed most. I also generate a list containing active/inactive information to quickly activate or deactivate the policies - this brings them to the state they were in the morning. This has saved me a few times when someone forgot to activate a policy after some work.

Also, any change in NetBackup sends an alert via OpsCenter. Sometimes the alerts are too many to handle but with only 3 people administring the backup system, it is easy to collaborate.

 

Krutons
Moderator
Moderator
   VIP   

I use to have a script that had similar functionality but with the web UI and the audit logs there, I didn't see much of a reason to continue using it. Do you prefer your script over the audit logs in the web UI?