Showing results for 
Search instead for 
Did you mean: 

How to move all Netbackup logs another server to audit

Level 4
Partner Accredited Certified
Hello people,

My company is centralizing all the operational transaction logs on a syslog server and I need to direct all the logos generated in the netbackup daily tasks to that server, does anyone know how I perform this procedure?


Hi Kleber,

Not sure if you are using NetBackup appliances, as you have tagged this as version 8.1.2, rather than 3.1.2.  I haven't been able to find anything relevant for syslog forwarding for 8.1.2, but it is definitely available for appliances from version 3.0 onwards (also applies to the virtual appliances).

If you are using appliances, then have a look at the NetBackup Appliance Administrator's Guide (this is version 3.1), starting on page 251:

It says it supports Arcsight and Splunk syslog servers, but also other that use the Rsyslog client.  If this query is for non appliance configs, then I guess a support call to Veritas is your best bet - unless someone else in the forum has more info.

Hope this helps,


Level 6

I've not been involved in Appliances for a while but I'm pretty sure this only applies to Appliance OS and hardware logs, not NetBackup itself.

Regarding forwarding NetBackup logs, you could I guess replicate log directories to an external server by some method but you really also want to keep logs locally for debugging etc. You would also have the issue of expiring logs on the remote server etc. plus it needs to run NetBackup to interpret Unified logs. Sounds like a lot of effort for little or no gain...


Partner    VIP    Accredited Certified

Understand the requirement - I had a few recent works where customers requested to improve their security posture and used centralised log tools/SIEM for likes of ELK stack or Splunk.

If you are using Splunk then it's relatively easy - the toolset already costs arm and leg so you can attach their log collectors to get logs from NBU. With unified logs you may need to do some pre-processing with vxlogview and dumping logs into a temp folder periodically.

With ELK/syslog/rsyslog it's reasonably easy to set up log forwarding by running a number of tail -f processes and pipe the output to syslog for forwarding - this works, of course if you using Linux on your Master. If you are on Windows then you probably need to fork out cash for a tool that does that as syslog is not Windows native and needs pre-processing anyway and nobody going to do it for you for free - but if you use Splunk then just make this their problem.