How to Implement Automated Backup Verification via RMM Alerting

The importance of backing up client data, as well as your own, is well understood by IT administrators and managed service providers (MSPs). However, many overlook the critical step of automated backup verification: checking that those backups are complete and available so that they are ready in case of disaster, and can be relied on for business continuity.

This guide explains how you can use remote monitoring and management (RMM) alerting to track the status of backups, and alert you if a backup has failed to complete. This allows you to verify that your backup solution is performing as expected without the need for inefficient, error-prone manual checks.

What you need for backup verification

The methods covered below rely on PowerShell for scripting in Windows environments, and optionally Group Policy for Active Directory for enforcing backup and logging policies.

To set up alerts to verify that your backup processes are completing successfully, you will need to use a backup solution that logs job status (for example, Veeam, Acronis, Windows backup, Macrium, and MSP360 all support this), so that these logs can be automatically inspected for problems. You will also need a user or service account with access to these logs, whether they are collected on a server or remain on individual devices.

You will also need an RMM platform that supports custom script deployment, so that you can tailor your automation scripts to your specific backup solution and requirements (NinjaOne supports this functionality). Your RMM platform should also support the centralized collection of logs for later inspection, as well as sending notifications so that you can receive alerts through your preferred channel.

The goals when creating your backup scripts and alerting workflows should include:

• The immediate detection and alerting of missed or failed backups
• The logging of successful backups for verification
• The enforcement of backup and logging policies that enable your RPO (Recovery Point Objective) and RTO (Recovery Time Objective)

While comprehensive RMM solutions include their own backup functionality, having the option to also integrate custom scripts for log checking and alerting allows you to cover edge cases or special requirements. Whichever backup solution and verification methods you employ, you must periodically confirm that they are functional and that all required data is being backed up, and that failure notifications are received successfully.

Method 1: Using RMM and PowerShell for log-based backup validation

Most backup software writes job results to log files or to the Windows Event Log. You can write PowerShell scripts that parse logs and generate alerts.

The example PowerShell script below shows how to check the Veeam backup log for success within the last 24 hours:

$log = Get-ChildItem -Path “C:\ProgramData\Veeam\Backup” -Recurse -Filter “*.log” | Sort-Object LastWriteTime -Descending | Select-Object -First 1

$lastLog = Get-Content $log.FullName | Select-String “Job finished” | Select-Object -Last 1

if ($lastLog -notmatch “Success”) {

Write-EventLog -LogName Application -Source “BackupVerifier” -EventID 2001 -EntryType Error -Message “Last backup failed or incomplete.”

}

This script can be adapted for other backup platforms by altering the path to the log file and filtering pattern.

If a failure is detected in the backup log, an event is written to the Windows Event Log using the Write-EventLog cmdlet. You can then configure your RMM alerting to be triggered on one of these log events (in this case, we’ve named the source BackupVerifier and given the backup failure an Event ID of 2001 so that your RMM platform can filter and monitor for them).

Method 2: Using CMD scripts to poll backup application status

You can also use the Command Prompt as an alternative to PowerShell scripts that search log files.

In this example, the output from the wbadmin backup tool is checked:

wbadmin get versions >> C:\Logs\backup_status.txt

findstr /C:”Backup time:” C:\Logs\backup_status.txt >nul || echo %DATE% %TIME% Backup check failed >> C:\Logs\backup_failures.txt

You can use the Windows Task Scheduler to automate this script, then configure your RMM to monitor the backup_failures.txt file for changes. As with the other examples on this page, this could be readily adapted for use with other backup solutions by altering the file paths and log format.

Method 3: Registry monitoring for backup status indicators

Backup applications that write their job status to the registry (for example, in a key like HKEY_LOCAL_MACHINE\SOFTWARE\BackupSolution\Backup\LastJobStatus) can be monitored by reading the registry with a PowerShell script, as shown in this example:

$status = Get-ItemProperty -Path “HKLM:\SOFTWARE\Veeam\Backup” -Name “LastJobStatus”

if ($status.LastJobStatus -ne “Success”) {

Write-EventLog -LogName Application -Source “BackupRegistryCheck” -EventID 3001 -EntryType Warning -Message “Backup job did not succeed.”

}

This is a generic example that can be adapted for any software that writes its outcomes to the registry. You can then create alerts in your RMM platform tied to the BackupRegistryCheck source with Event ID 3001.

Using Group Policy to enforce logging and audit policies

Group Policy Objects can be used to enforce consistent logging and auditing of backup activity across endpoints. To do this:

• Open Group Policy Management Console
• Navigate to Computer Configuration > Windows Settings > Security Settings > Advanced Audit Policy Configuration > Object Access
• Enable Audit File System (for backup file creation and access) and/or Audit Process Tracking (for backup process monitoring)

You can also enforce log retention settings, maximum log sizes and overwrite policies, and service startup behavior for backup agents, depending on what is supported by your platform.

Additional considerations for automating backup verification

When writing your automated backup verification scripts, you may also want to consider including the following functionality based on your requirements:

• Retention compliance: Verification of retention policies, for example, verifying that the last 7 daily, 4 weekly, and 12 monthly backups were successful
• Backup window tolerance: Scripts can tolerate expected delays or retry intervals so that real issues aren’t lost in noise
• Differentiating failures: Parse logs for specific errors (for example, disk space, access denied, and read/write errors) and include this information in your notifications
• Cross-system aggregation: Centralize backup logs and alerts into SIEM or RMM dashboards

You should also consider handling the failures of your automated backup verification scripts themselves, including scenarios such as:

• Absent log files: Check that backup jobs are running and that the paths to log files are correct
• Missing events or registry keys: Ensure scripts are run as user accounts with the necessary permissions and run with an appropriate frequency
• False positives: Fine-tune your scripts to appropriately assess and alert for success and failure

How do you verify the integrity of the backup?

In addition to verifying that backup systems are operational and backup tasks are completing successfully, you need to periodically check the integrity of your backups and their storage medium.

Many backup tools will include tools for this that also generate logs that can be parsed using the methods detailed above, allowing you to automate the testing of backup integrity as well as verifying whether backups are completing successfully. Third-party tools can also be used to compare files and log the outcome.

Backup automation and verification with NinjaOne

NinjaOne RMM reduces downtime risks for both internal IT teams and MSPs with centralized, automated backup verification across multiple devices and platforms.

In addition to its built-in backup solution that supports everything from servers to mobile devices, NinjaOne includes custom scripting for integrating your existing backup solutions, policy-based automation and scheduling, event log monitoring, and alert routing to notify the right technician when an issue arises. Everything is presented and configurable in a central dashboard for full accountability and visibility.