As iâ€™ve tried quite a few Tools to get a Backup Check to work (wbadmin related, powershell based, etc) and didnâ€™t find a good solution at first iâ€™ll explain how to get it working with nsclient quite easily. If you have the commands below its easy ;).
Fetch nsclient++ from http://www.nsclient.org/ and donâ€™t forget to enable NRPE daemon as we will use this to fetch a â€žbackup successâ€œ. Also set your Nagios Server as allowed address.
After nsclient++ is installed it isnâ€™t yet ready to answer our queries correctly as â€žallow argumentsâ€œ is not enabled and we need it.
Startup a â€žnotepadâ€œ as Administrator to edit the ini file. it will be in c:\Programs\nsclient++\nsclient.ini . (hidden though, so just enter the filename as it is)
Sidenote: !!BIG!! Thanks to Microsoft for not showing files we need and naming important directories different in each locale.
Put the following block at the bottom (after the installation you shouldnâ€™t have a NRPE server block, if you already have a installation adapt your NRPE server block accordingly)
[/settings/NRPE/server] allow arguments=1 allow nasty_meta chars=1
your server should now be reachable via NRPE and accept arguments to its commands. So you can now use the following command from a linux server to check the windows backup. (nagios-plugins-basic package is needed in debian)
/usr/lib/nagios/plugins/check_nrpe -H YOURSERVER.local -c Check_EventLog -a "file=Microsoft-Windows-Backup" file=Application "scan-range=-1d" "filter=source like 'Backup' AND level = 'error'" "crit=count>0"
This will throw out a Critical Status if it finds a Error in the Backup eventlog in the last day. Sadly i couldn’t convince check_eventlog to be happy about a successful backup after a failed. Therefore a failed backup will show as a CRITICAL for a day in nagios (just approve it if you fixed it).
But we also want to check if Backups have been created in the last 2 days (change -2d for another timerange)
/usr/lib/nagios/plugins/check_nrpe -H YOURSERVER.local -c Check_EventLog -a "file=Microsoft-Windows-Backup" file=Application "show-all" "scan-range=-2d" "filter=id=4 " "ok=id=4" "warn=count=0" "crit=count=0"
this will return a critical state if none success logs were found. Because of the inner workings of check_eventlog (checking count for each Log Entry) it is currently not possible to issue a warning state if only 2 success backups were found.
This works for Windows Server 2012. If you have a different Version you might have to change the id from 4 to something else. See the eventlog for a success Message and copy the id.
Hope this helps as a had to try around for quite some time to convince â€žCheck_Eventlogâ€œ to work as i wanted it to.