Check Microsoft-Windows-Backup for Success or Failure via Nagios & nsclient++

As i’ve tried quite a few Tools to get a Backup Check to work (wbadmin related, powershell based, etc) and didn’t find a good solution at first i’ll explain how to get it working with nsclient quite easily. If you have the commands below its easy ;).

Fetch nsclient++ from and don’t forget to enable NRPE daemon as we will use this to fetch a „backup success“. Also set your Nagios Server as allowed address.
After nsclient++ is installed it isn’t yet ready to answer our queries correctly as „allow arguments“ is not enabled and we need it.

Startup a „notepad“ as Administrator to edit the ini file. it will be in c:\Programs\nsclient++\nsclient.ini . (hidden though, so just enter the filename as it is)
Sidenote: !!BIG!! Thanks to Microsoft for not showing files we need and naming important directories different in each locale.

Put the following block at the bottom (after the installation you shouldn’t have a NRPE server block, if you already have a installation adapt your NRPE server block accordingly)

allow arguments=1
allow nasty_meta chars=1 

your server should now be reachable via NRPE and accept arguments to its commands. So you can now use the following command from a linux server to check the windows backup. (nagios-plugins-basic package is needed in debian)

/usr/lib/nagios/plugins/check_nrpe -H YOURSERVER.local -c Check_EventLog -a "file=Microsoft-Windows-Backup" file=Application "scan-range=-1d" "filter=source like 'Backup' AND level = 'error'" "crit=count>0"

This will throw out a Critical Status if it finds a Error in the Backup eventlog in the last day. Sadly i couldn’t convince check_eventlog to be happy about a successful backup after a failed. Therefore a failed backup will show as a CRITICAL for a day in nagios (just approve it if you fixed it).

But we also want to check if Backups have been created in the last 2 days (change -2d for another timerange)

/usr/lib/nagios/plugins/check_nrpe -H YOURSERVER.local -c Check_EventLog -a "file=Microsoft-Windows-Backup" file=Application "show-all" "scan-range=-2d" "filter=id=4 " "ok=id=4" "warn=count=0" "crit=count=0"

this will return a critical state if none success logs were found. Because of the inner workings of check_eventlog (checking count for each Log Entry) it is currently not possible to issue a warning state if only 2 success backups were found.
This works for Windows Server 2012. If you have a different Version you might have to change the id from 4 to something else. See the eventlog for a success Message and copy the id.

Hope this helps as a had to try around for quite some time to convince „Check_Eventlog“ to work as i wanted it to.

2 thoughts on “Check Microsoft-Windows-Backup for Success or Failure via Nagios & nsclient++

  1. I think that what you posted was very logical.
    But, what about this? suppose you were to create a killer title?
    I am not saying your content is not solid., however what if
    you added something that grabbed people’s attention?
    I mean Check Microsoft-Windows-Backup for Success or Failure via Nagios &
    nsclient++ | devblogrbmz is a little vanilla. You ought to
    look at Yahoo’s front page and note how they
    create post titles to grab viewers to open the links.
    You might add a related video or a related pic or two to get people excited about what you’ve written.
    Just my opinion, it might make your posts a little bit more interesting.

Comments are closed.