grafana-veeam-audit-log.jpg
This dashboard works natively with Telegraf and its tail plugin, reading the log found at C:\ProgramData\Veeam\Backup365\Logs\Veeam.Archiver.Shell*.log (the account that runs the Telegraf service needs read access to that folder).
The grok patterns are listed in the Collector Configuration Details section; add them to your Telegraf configuration and restart the Telegraf service.
Then download or import this dashboard into your Grafana, and you should see something similar to the following:
Collector Configuration Details
# Tail input for the Veeam.Archiver.Shell logs: operator account lines and
# "Notification from service: Job ..." lines.
[[inputs.tail]]
# Measurement name given to every metric this input emits.
name_override = "veeam_microsoft365audit_jobs"
# The glob picks up every Veeam.Archiver.Shell*.log file in the folder.
files = ["C:\\ProgramData\\Veeam\\Backup365\\Logs\\Veeam.Archiver.Shell*.log"]
watch_method = "poll"
# Read existing files from their first line, not only lines appended later.
# NOTE(review): depending on the Telegraf version this may re-ingest whole
# files after a service restart; confirm before relying on event counts.
from_beginning = true
data_format = "grok"
# DATESTAMP_AMPM = the stock DATESTAMP followed by an AM/PM marker.
grok_custom_patterns = "DATESTAMP_AMPM %{DATESTAMP} (AM|PM)"
# The timestamp layout carries no zone offset. Telegraf's grok parser reads
# such timestamps as UTC unless grok_timezone is set; confirm which zone the
# Veeam server logs in so audit events line up with other sources.
grok_patterns = [
    # Operator line: the rest of the line after "Account:" becomes the
    # "operator" tag, so account names are stored as tag values. Limit read
    # access to this measurement accordingly and watch tag cardinality.
    '%{DATESTAMP_AMPM:timestamp:ts-"1/2/2006 3:04:05 PM"} %{SPACE} %{NUMBER} \(%{NUMBER:nroper}\) Account:%{GREEDYDATA:operator:tag}',
    # Job notification: action and job name become tags, the job ID a field.
    '%{DATESTAMP_AMPM:timestamp:ts-"1/2/2006 3:04:05 PM"} %{SPACE} %{NUMBER} \(%{NUMBER:nrjob}\) Notification from service: Job %{GREEDYDATA:action:tag}: %{GREEDYDATA:veeamjobname:tag} \(ID: %{GREEDYDATA:veeamjobid}\)',
]
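# Audit for Job Edit/Deletion
# Second tail input over the same Veeam.Archiver.Shell logs, matching the
# "<action> job: <name>..." lines.
[[inputs.tail]]
# The glob picks up every Veeam.Archiver.Shell*.log file in the folder.
files = ["C:\\ProgramData\\Veeam\\Backup365\\Logs\\Veeam.Archiver.Shell*.log"]
# Read existing files from their first line, not only lines appended later.
# NOTE(review): depending on the Telegraf version this may re-ingest whole
# files after a service restart; confirm before relying on event counts.
from_beginning = true
# Same measurement name as the other [[inputs.tail]] block in this file.
name_override = "veeam_microsoft365audit_jobs"
watch_method = "poll"
# The timestamp layout carries no zone offset. Telegraf's grok parser reads
# such timestamps as UTC unless grok_timezone is set; confirm which zone the
# Veeam server logs in so audit events line up with other sources.
grok_patterns = [
    # Operator line, identical to the pattern in the other [[inputs.tail]]
    # block, so each "Account:" line is parsed by both inputs. The account
    # name is stored as the "operator" tag; limit read access accordingly.
    '%{DATESTAMP_AMPM:timestamp:ts-"1/2/2006 3:04:05 PM"} %{SPACE} %{NUMBER} \(%{NUMBER:nroper}\) Account:%{GREEDYDATA:operator:tag}',
    # Job edit/deletion line. NOTE(review): the three trailing dots are
    # unescaped, so each matches any character; presumably a literal "..."
    # is meant. Check a real log line before changing them to \.\.\.
    # This pattern also matches any line containing " job: ", so confirm
    # that only edit/deletion events reach the "action" tag.
    '%{DATESTAMP_AMPM:timestamp:ts-"1/2/2006 3:04:05 PM"} %{SPACE} %{NUMBER} \(%{NUMBER:nrjob}\) %{GREEDYDATA:action:tag} job: %{GREEDYDATA:veeamjobname:tag}...',
]
# DATESTAMP_AMPM = the stock DATESTAMP followed by an AM/PM marker.
grok_custom_patterns = "DATESTAMP_AMPM %{DATESTAMP} (AM|PM)"
# The stray Markdown fence that followed this value was removed: with it,
# the line is not valid TOML and Telegraf cannot load the file.
data_format = "grok"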