Grafana Dashboard for Veeam Backup for Microsoft Office 365 v3.0 - Security and Performance

Dashboard

Grafana Dashboard for Veeam Backup for Microsoft Office 365 v3.0 - Security and Performance
Last updated: a month ago

Downloads: 3

Reviews: 0

  • veeam-grafana-o365-001.png
    veeam-grafana-o365-001.png

Ready to use, by adding the collector config to your telegraf.conf, at the bottom. Telegraf will start ingesting data from the logs of Veeam Backup for Microsoft Office 365.

Measurements & Fields

  • Overview Section
    • Total MB restored using Veeam Explorer for Exchange
    • Number of times the Veeam Explorer for Exchange has been opened
    • Number of times the Veeam Explorer for OneDrive for Business has been opened
    • Number of times the Veeam Explorer for SharePoint Online has been opened
    • Number of RESTFulAPI keys which has been created or refreshed
    • Number of RESTFulAPI completed queries
  • Server Performance Section
    • Uptime of the VBO Server/s
    • Uptime, connectivity, to outlook.office365.com from VBO Server/s
    • CPU Usage of the VBO Server/s
    • RAM Usage of the VBO Server/s
    • Disk Usage of the VBO Server/s
    • Network Usage of the VBO Server/s
    • Latency in ms to outlook.office365.com from VBO Server/s
  • Security Logs
    • Restored Items using Veeam Explorer for Exchange Online, from which user to which user
    • Restored Items using Veeam Explorer for OneDrive for Business, just item name
    • Restored Items using Veeam Explorer for SharePoint Online, URL for now and if it was restored to Original Location and if it was restored to Cloud

Check now that you can see all the new data on your Chronograf: alt tag

Then download or import this Dashboard to your Grafana, and you should see something similar to the next: alt tag

Collector Configuration Details

# # Read and parse Logs from Veeam Explorer for Exchange Online
# Operator who opened the VEX
[[inputs.logparser]]
  files = ["C:/ProgramData/Veeam/Backup/ExchangeExplorer/Logs/*.log"]
  from_beginning = true
  name_override = "veeam_office365_audit_vex"
  watch_method = "poll"

[inputs.logparser.grok]
patterns = ['%{DATESTAMP_AMPM:timestamp:ts-"1/2/2006 3:04:05 PM"} %{SPACE} %{NUMBER} \(%{NUMBER}\) Account:%{GREEDYDATA:operator}']
custom_patterns = "DATESTAMP_AMPM %{DATESTAMP} (AM|PM)"

# Items to restore
[[inputs.logparser]]
  files = ["C:/ProgramData/Veeam/Backup/ExchangeExplorer/Logs/*.log"]
  from_beginning = true
  name_override = "veeam_office365_audit_vex"
  watch_method = "poll"

[inputs.logparser.grok]
patterns = ['%{DATESTAMP_AMPM:timestamp:ts-"1/2/2006 3:04:05 PM"} %{SPACE} %{NUMBER} \(%{NUMBER}\) Restoring message:%{GREEDYDATA:exchangeobject}']
custom_patterns = "DATESTAMP_AMPM %{DATESTAMP} (AM|PM)"

# Restore From:
[[inputs.logparser]]
  files = ["C:/ProgramData/Veeam/Backup/ExchangeExplorer/Logs/*.log"]
  from_beginning = true
  name_override = "veeam_office365_audit_vex"
  watch_method = "poll"

[inputs.logparser.grok]
patterns = ['%{DATESTAMP_AMPM:timestamp:ts-"1/2/2006 3:04:05 PM"} %{SPACE} %{NUMBER} \(%{NUMBER}\) %{SPACE} From:%{GREEDYDATA:restorefrom}']
custom_patterns = "DATESTAMP_AMPM %{DATESTAMP} (AM|PM)"

# Restore To:
[[inputs.logparser]]
  files = ["C:/ProgramData/Veeam/Backup/ExchangeExplorer/Logs/*.log"]
  from_beginning = true
  name_override = "veeam_office365_audit_vex"
  watch_method = "poll"

[inputs.logparser.grok]
patterns = ['%{DATESTAMP_AMPM:timestamp:ts-"1/2/2006 3:04:05 PM"} %{SPACE} %{NUMBER} \(%{NUMBER}\) %{SPACE} To:%{GREEDYDATA:restoreto}']
custom_patterns = "DATESTAMP_AMPM %{DATESTAMP} (AM|PM)"

# Bytes Restored
[[inputs.logparser]]
  files = ["C:/ProgramData/Veeam/Backup/ExchangeExplorer/Logs/*.log"]
  from_beginning = true
  name_override = "veeam_office365_audit_vex"
  watch_method = "poll"

[inputs.logparser.grok]
patterns = ['%{DATESTAMP_AMPM:timestamp:ts-"1/2/2006 3:04:05 PM"} %{SPACE} %{NUMBER} \(%{NUMBER}\) Creating %{GREEDYDATA} %{NUMBER:bytesrestored:int}']
custom_patterns = "DATESTAMP_AMPM %{DATESTAMP} (AM|PM)"

# # Read and parse Logs from Veeam Backup for Microsoft Office 365 RESTFulAPI
# REST KEY ID
[[inputs.logparser]]
  files = ["C:/ProgramData/Veeam/Backup365/Logs/Veeam.Archiver.REST*.log"]
  from_beginning = true
  name_override = "veeam_office365_audit_rest"
  watch_method = "poll"

[inputs.logparser.grok]
patterns = ['%{DATESTAMP_AMPM:timestamp:ts-"1/2/2006 3:04:05 PM"} %{SPACE} %{NUMBER} \(%{NUMBER}\) Adding new backup server session%{GREEDYDATA} %{GREEDYDATA:restkey}']
custom_patterns = "DATESTAMP_AMPM %{DATESTAMP} (AM|PM)"

# REST REFRESH KEY ID
[[inputs.logparser]]
  files = ["C:/ProgramData/Veeam/Backup365/Logs/Veeam.Archiver.REST*.log"]
  from_beginning = true
  name_override = "veeam_office365_audit_rest"
  watch_method = "poll"

[inputs.logparser.grok]
patterns = ['%{DATESTAMP_AMPM:timestamp:ts-"1/2/2006 3:04:05 PM"} %{SPACE} %{NUMBER} \(%{NUMBER}\) Credentials refreshed%{GREEDYDATA} \(key=%{GREEDYDATA:restkey}\)']
custom_patterns = "DATESTAMP_AMPM %{DATESTAMP} (AM|PM)"

# REST ACTIONS
[[inputs.logparser]]
  files = ["C:/ProgramData/Veeam/Backup365/Logs/Veeam.Archiver.REST*.log"]
  from_beginning = true
  name_override = "veeam_office365_audit_rest"
  watch_method = "poll"

[inputs.logparser.grok]
patterns = ['%{DATESTAMP_AMPM:timestamp:ts-"1/2/2006 3:04:05 PM"} %{SPACE} %{NUMBER} \(%{NUMBER}\) Action started:%{GREEDYDATA:restaction}']
custom_patterns = "DATESTAMP_AMPM %{DATESTAMP} (AM|PM)"

# # Read and parse Logs from Veeam Explorer for OneDrive for Business
# Operator who opened the VXONE
[[inputs.logparser]]
  files = ["C:/ProgramData/Veeam/Backup/OneDriveExplorer/Logs/*.log"]
  from_beginning = true
  name_override = "veeam_office365_audit_vone"
  watch_method = "poll"

[inputs.logparser.grok]
patterns = ['%{DATESTAMP_AMPM:timestamp:ts-"1/2/2006 3:04:05 PM"} %{SPACE} %{NUMBER} \(%{NUMBER}\) Account:%{GREEDYDATA:operator}']
custom_patterns = "DATESTAMP_AMPM %{DATESTAMP} (AM|PM)"

# Global monitoring for VXONE
[[inputs.logparser]]
  files = ["C:/ProgramData/Veeam/Backup/OneDriveExplorer/Logs/*.log"]
  from_beginning = true
  name_override = "veeam_office365_audit_vone"
  watch_method = "poll"

[inputs.logparser.grok]
patterns = ['%{DATESTAMP_AMPM:timestamp:ts-"1/2/2006 3:04:05 PM"} %{SPACE} %{NUMBER} \(%{NUMBER}\) %{GREEDYDATA:message}']
custom_patterns = "DATESTAMP_AMPM %{DATESTAMP} (AM|PM)"

# # Read and parse Logs from Veeam Explorer for SharePoint Online
# Operator who opened the VXSPO
[[inputs.logparser]]
  files = ["C:/ProgramData/Veeam/Backup/SharePointExplorer/Logs/*.log"]
  from_beginning = true
  name_override = "veeam_office365_audit_vspo"
  watch_method = "poll"

[inputs.logparser.grok]
patterns = ['%{DATESTAMP_AMPM:timestamp:ts-"1/2/2006 3:04:05 PM"} %{SPACE} %{NUMBER} \(%{NUMBER}\) Account:%{GREEDYDATA:operator}']
custom_patterns = "DATESTAMP_AMPM %{DATESTAMP} (AM|PM)"

# Global monitoring for VXSPO
[[inputs.logparser]]
  files = ["C:/ProgramData/Veeam/Backup/SharePointExplorer/Logs/*.log"]
  from_beginning = true
  name_override = "veeam_office365_audit_vspo"
  watch_method = "poll"

[inputs.logparser.grok]
patterns = ['%{DATESTAMP_AMPM:timestamp:ts-"1/2/2006 3:04:05 PM"} %{SPACE} %{NUMBER} \(%{NUMBER}\) %{GREEDYDATA:message}']
custom_patterns = "DATESTAMP_AMPM %{DATESTAMP} (AM|PM)"


# # Ping and latency between the Veeam Backup for Microsoft Office 365 Server and Exchange Online on Office 365
# Ping input
[[inputs.ping]]
interval = "60s"
urls = ["outlook.office365.com"]
count = 4
timeout = 2.0