[Veritas-bu] backup of windows event logs

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C6653A.DE594A20
Content-Type: text/plain


Mark
Just to add to this, I just launched NBU BAR tool, specified a windows
server, checked the location c:\<root>\system32zconfig\<EventFile>.evt and
they are there!
 
Can check some Win2k3 servers if you like!
 
This is a policy for ALL LOCAL DRIVES.

Regards

Simon Weaver
3rd Line Technical Support
Windows Domain Administrator 

EADS Astrium Limited, B32AA IM (DCS)
Anchorage Road, Portsmouth, PO3 5PU

Email:  <mailto:Simon.Weaver AT Astrium-eads DOT net> Simon.Weaver AT 
Astrium-eads DOT net

-----Original Message-----
From: Kilpatrick, Mark [mailto:mark.kilpatrick AT sabeo DOT com] 
Sent: 21 April 2006 12:52
To: WEAVER, Simon; veritas-bu AT mailman.eng.auburn DOT edu
Subject: RE: [Veritas-bu] backup of windows event logs



Master server is solaris 8 netbackup 6Mp2.

 

Clients are Win2003 netbackup 4.5fp6


  _____  


From: WEAVER, Simon [mailto:simon.weaver AT astrium.eads DOT net] 
Sent: 21 April 2006 12:23
To: Kilpatrick, Mark; veritas-bu AT mailman.eng.auburn DOT edu
Subject: RE: [Veritas-bu] backup of windows event logs

 

Not me! What version of NBU do you run then? What platform is your Master
on?

 

 

Regards

Simon Weaver
3rd Line Technical Support
Windows Domain Administrator 

EADS Astrium Limited, B32AA IM (DCS)
Anchorage Road, Portsmouth, PO3 5PU

Email:  <mailto:Simon.Weaver AT Astrium-eads DOT net> Simon.Weaver AT 
Astrium-eads DOT net

-----Original Message-----
From: Kilpatrick, Mark [mailto:mark.kilpatrick AT sabeo DOT com] 
Sent: 21 April 2006 12:05
To: veritas-bu AT mailman.eng.auburn DOT edu
Subject: [Veritas-bu] backup of windows event logs

I have just discovered that the windows event logs are not backed up as part
of a All_Local_Drives backup. We were hoping to recover an event log that
was deleted and there are no backups of these logs in the directory that
they are located in on a windows server. There is no mention of a skipped
file in the policy details for theses clients. Is anyone aware of this and
is it expected behaviour?

Thanks, Mark

 

 

 



 



 

**********************************************************************

This email and any files transmitted with it are confidential and

intended solely for the use of the individual or entity to whom they

are addressed. If you have received this email in error please notify

Sabeo Technologies.



 

This footnote also confirms that this email message has been swept for the
presence of computer viruses.

**********************************************************************

 

This email is for the intended addressee only.
If you have received it in error then you must not use, retain, disseminate
or otherwise deal with it.
Please notify the sender by return email.
The views of the author may not necessarily constitute the views of EADS
Astrium Limited.
Nothing in this email shall bind EADS Astrium Limited in any contract or
obligation.

EADS Astrium Limited, Registered in England and Wales No. 2449259
Registered Office: Gunnels Wood Road, Stevenage, Hertfordshire, SG1 2AS,
England
        



This email is for the intended addressee only.
If you have received it in error then you must not use, retain, disseminate or 
otherwise deal with it.
Please notify the sender by return email.
The views of the author may not necessarily constitute the views of EADS 
Astrium Limited.
Nothing in this email shall bind EADS Astrium Limited in any contract or 
obligation.

EADS Astrium Limited, Registered in England and Wales No. 2449259
Registered Office: Gunnels Wood Road, Stevenage, Hertfordshire, SG1 2AS, England
------_=_NextPart_001_01C6653A.DE594A20
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=US-ASCII">
<TITLE>Message</TITLE>

<META content="MSHTML 6.00.2900.2802" name=GENERATOR>
<STYLE>@font-face {
        font-family: Tahoma;
}
@page Section1 {size: 612.0pt 792.0pt; margin: 72.0pt 90.0pt 72.0pt 90.0pt; }
P.MsoNormal {
        FONT-SIZE: 12pt; MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Times New Roman"
}
LI.MsoNormal {
        FONT-SIZE: 12pt; MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Times New Roman"
}
DIV.MsoNormal {
        FONT-SIZE: 12pt; MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Times New Roman"
}
A:link {
        COLOR: blue; TEXT-DECORATION: underline
}
SPAN.MsoHyperlink {
        COLOR: blue; TEXT-DECORATION: underline
}
A:visited {
        COLOR: purple; TEXT-DECORATION: underline
}
SPAN.MsoHyperlinkFollowed {
        COLOR: purple; TEXT-DECORATION: underline
}
P {
        FONT-SIZE: 12pt; MARGIN-LEFT: 0cm; MARGIN-RIGHT: 0cm; FONT-FAMILY: 
"Times New Roman"
}
SPAN.emailstyle17 {
        COLOR: windowtext; FONT-FAMILY: Arial
}
SPAN.EmailStyle21 {
        COLOR: navy; FONT-FAMILY: Arial
}
DIV.Section1 {
        page: Section1
}
</STYLE>
</HEAD>
<BODY lang=EN-US vLink=purple link=blue>
<DIV><SPAN class=258125711-21042006><FONT face=Arial 
color=#0000ff><STRONG><EM>Mark</EM></STRONG></FONT></SPAN></DIV>
<DIV><SPAN class=258125711-21042006><STRONG><EM><FONT face=Arial 
color=#0000ff>Just to add to this, I just launched NBU BAR tool, specified a 
windows server, checked the location 
c:\&lt;root&gt;\system32zconfig\&lt;EventFile&gt;.evt and they are 
there!</FONT></EM></STRONG></SPAN></DIV>
<DIV><SPAN class=258125711-21042006><STRONG><EM><FONT face=Arial 
color=#0000ff></FONT></EM></STRONG></SPAN>&nbsp;</DIV>
<DIV><SPAN class=258125711-21042006><STRONG><EM><FONT face=Arial 
color=#0000ff>Can check some Win2k3 servers if you 
like!</FONT></EM></STRONG></SPAN></DIV>
<DIV><SPAN class=258125711-21042006><STRONG><EM><FONT face=Arial 
color=#0000ff></FONT></EM></STRONG></SPAN>&nbsp;</DIV>
<DIV><SPAN class=258125711-21042006><STRONG><EM><FONT face=Arial 
color=#0000ff>This is a policy for ALL LOCAL 
DRIVES.</FONT></EM></STRONG></SPAN></DIV>
<P align=left><SPAN lang=en-gb><EM><FONT color=#3f6296><FONT size=2><FONT 
face=Arial><FONT 
color=#0000ff>Regards</FONT></FONT></FONT></FONT></EM></SPAN></P>
<P align=left><SPAN lang=en-gb><EM><FONT color=#3f6296><FONT size=2><FONT 
face=Arial><FONT color=#0000ff>Simon 
Weaver</FONT><BR></FONT></FONT></FONT><FONT 
face=Arial color=#0000a0 size=2><STRONG>3rd Line Technical Support<BR>Windows 
Domain Administrator</STRONG></FONT></EM><FONT face=Arial> </FONT></SPAN></P>
<P><SPAN lang=en-gb><I><FONT face=Arial color=#0000ff size=2>EADS Astrium 
Limited, B32AA IM (DCS)</FONT></I></SPAN><SPAN lang=en-gb><BR><FONT face=Arial 
color=#0000ff size=2><EM>Anchorage Road, Portsmouth, PO3 
5PU</EM></FONT></SPAN></P>
<P><SPAN lang=en-gb><FONT face=Arial color=#0000ff size=2><EM>Email: 
</EM></FONT><A href="mailto:Simon.Weaver AT Astrium-eads DOT net"><FONT 
face=Arial 
size=2><EM>Simon.Weaver AT Astrium-eads DOT net</EM></FONT></A></SPAN></P>
<BLOCKQUOTE style="MARGIN-RIGHT: 0px">
  <DIV></DIV>
  <DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left><FONT 
  face=Tahoma size=2>-----Original Message-----<BR><B>From:</B> Kilpatrick, 
Mark 
  [mailto:mark.kilpatrick AT sabeo DOT com] <BR><B>Sent:</B> 21 April 2006 
  12:52<BR><B>To:</B> WEAVER, Simon; 
  veritas-bu AT mailman.eng.auburn DOT edu<BR><B>Subject:</B> RE: [Veritas-bu] 
backup 
  of windows event logs<BR><BR></FONT></DIV>
  <DIV class=Section1>
  <P class=MsoNormal><FONT face=Arial color=navy size=2><SPAN 
  style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial">Master server is 
  solaris 8 netbackup 6Mp2.</SPAN></FONT></P>
  <P class=MsoNormal><FONT face=Arial color=navy size=2><SPAN 
  style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: 
Arial"></SPAN></FONT>&nbsp;</P>
  <P class=MsoNormal><FONT face=Arial color=navy size=2><SPAN 
  style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial">Clients are Win2003 
  netbackup 4.5fp6</SPAN></FONT></P>
  <DIV>
  <DIV class=MsoNormal style="TEXT-ALIGN: center" align=center><FONT 
  face="Times New Roman" size=3><SPAN style="FONT-SIZE: 12pt">
  <HR tabIndex=-1 align=center width="100%" SIZE=2>
  </SPAN></FONT></DIV>
  <P class=MsoNormal><B><FONT face=Tahoma size=2><SPAN 
  style="FONT-WEIGHT: bold; FONT-SIZE: 10pt; FONT-FAMILY: 
Tahoma">From:</SPAN></FONT></B><FONT 
  face=Tahoma size=2><SPAN style="FONT-SIZE: 10pt; FONT-FAMILY: Tahoma"> 
WEAVER, 
  Simon [mailto:simon.weaver AT astrium.eads DOT net] <BR><B><SPAN 
  style="FONT-WEIGHT: bold">Sent:</SPAN></B> 21 April 2006 12:23<BR><B><SPAN 
  style="FONT-WEIGHT: bold">To:</SPAN></B> Kilpatrick, Mark; 
  veritas-bu AT mailman.eng.auburn DOT edu<BR><B><SPAN 
  style="FONT-WEIGHT: bold">Subject:</SPAN></B> RE: [Veritas-bu] backup of 
  windows event logs</SPAN></FONT></P></DIV>
  <P class=MsoNormal><FONT face="Times New Roman" size=3><SPAN 
  style="FONT-SIZE: 12pt"></SPAN></FONT>&nbsp;</P>
  <DIV>
  <P class=MsoNormal><EM><B><I><FONT face=Arial color=blue size=3><SPAN 
  style="FONT-WEIGHT: bold; FONT-SIZE: 12pt; COLOR: blue; FONT-FAMILY: 
Arial">Not 
  me! What version of NBU do you run then? What platform is your Master 
  on?</SPAN></FONT></I></B></EM></P></DIV>
  <DIV>
  <P class=MsoNormal><FONT face="Times New Roman" size=3><SPAN 
  style="FONT-SIZE: 12pt"></SPAN></FONT>&nbsp;</P></DIV>
  <DIV>
  <P class=MsoNormal><FONT face="Times New Roman" size=3><SPAN 
  style="FONT-SIZE: 12pt"></SPAN></FONT>&nbsp;</P></DIV>
  <P><EM><I><FONT face=Arial color=blue size=2><SPAN lang=EN-GB 
  style="FONT-SIZE: 10pt; COLOR: blue; FONT-FAMILY: 
Arial">Regards</SPAN></FONT></I></EM></P>
  <P><EM><I><FONT face=Arial color=blue size=2><SPAN lang=EN-GB 
  style="FONT-SIZE: 10pt; COLOR: blue; FONT-FAMILY: Arial">Simon 
  Weaver</SPAN></FONT></I></EM><I><FONT face=Arial color=#3f6296 size=2><SPAN 
  lang=EN-GB 
  style="FONT-SIZE: 10pt; COLOR: #3f6296; FONT-STYLE: italic; FONT-FAMILY: 
Arial"><BR></SPAN></FONT></I><STRONG><B><I><FONT 
  face=Arial color=#0000a0 size=2><SPAN lang=EN-GB 
  style="FONT-SIZE: 10pt; COLOR: #0000a0; FONT-STYLE: italic; FONT-FAMILY: 
Arial">3rd 
  Line Technical Support</SPAN></FONT></I></B></STRONG><B><I><FONT face=Arial 
  color=#0000a0 size=2><SPAN lang=EN-GB 
  style="FONT-WEIGHT: bold; FONT-SIZE: 10pt; COLOR: #0000a0; FONT-STYLE: 
italic; FONT-FAMILY: Arial"><BR><STRONG><B><FONT 
  face=Arial><SPAN style="FONT-FAMILY: Arial">Windows Domain 
  Administrator</SPAN></FONT></B></STRONG></SPAN></FONT></I></B><FONT 
  face=Arial><SPAN lang=EN-GB style="FONT-FAMILY: Arial"> </SPAN></FONT></P>
  <P><I><FONT face=Arial color=blue size=2><SPAN lang=EN-GB 
  style="FONT-SIZE: 10pt; COLOR: blue; FONT-STYLE: italic; FONT-FAMILY: 
Arial">EADS 
  Astrium Limited, B32AA IM (DCS)</SPAN></FONT></I><SPAN 
  lang=EN-GB><BR></SPAN><EM><I><FONT face=Arial color=blue size=2><SPAN 
  lang=EN-GB style="FONT-SIZE: 10pt; COLOR: blue; FONT-FAMILY: Arial">Anchorage 
  Road</SPAN></FONT></I></EM><EM><I><FONT face=Arial color=blue size=2><SPAN 
  lang=EN-GB style="FONT-SIZE: 10pt; COLOR: blue; FONT-FAMILY: Arial">, 
  Portsmouth, PO3 5PU</SPAN></FONT></I></EM></P>
  <P><EM><I><FONT face=Arial color=blue size=2><SPAN lang=EN-GB 
  style="FONT-SIZE: 10pt; COLOR: blue; FONT-FAMILY: Arial">Email: 
  </SPAN></FONT></I></EM><SPAN lang=EN-GB><A 
  href="mailto:Simon.Weaver AT Astrium-eads DOT net"><EM><I><FONT face=Arial 
  size=2><SPAN 
  style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">Simon.Weaver AT Astrium-eads DOT 
net</SPAN></FONT></I></EM></A></SPAN></P>
  <BLOCKQUOTE style="MARGIN-TOP: 5pt; MARGIN-BOTTOM: 5pt; MARGIN-RIGHT: 0cm">
    <P class=MsoNormal style="MARGIN-BOTTOM: 12pt"><FONT face=Tahoma 
    size=2><SPAN style="FONT-SIZE: 10pt; FONT-FAMILY: Tahoma">-----Original 
    Message-----<BR><B><SPAN style="FONT-WEIGHT: bold">From:</SPAN></B> 
    Kilpatrick, Mark [mailto:mark.kilpatrick AT sabeo DOT com] <BR><B><SPAN 
    style="FONT-WEIGHT: bold">Sent:</SPAN></B> 21 April 2006 12:05<BR><B><SPAN 
    style="FONT-WEIGHT: bold">To:</SPAN></B> 
    veritas-bu AT mailman.eng.auburn DOT edu<BR><B><SPAN 
    style="FONT-WEIGHT: bold">Subject:</SPAN></B> [Veritas-bu] backup of 
windows 
    event logs</SPAN></FONT></P>
    <P class=MsoNormal style="MARGIN-BOTTOM: 5pt"><FONT face=Arial size=2><SPAN 
    style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">I have just discovered that the 
    windows event logs are not backed up as part of a All_Local_Drives backup. 
    We were hoping to recover an event log that was deleted and there are no 
    backups of these logs in the directory that they are located in on a 
windows 
    server. There is no mention of a skipped file in the policy details for 
    theses clients. Is anyone aware of this and is it expected 
    behaviour?</SPAN></FONT></P>
    <P class=MsoNormal style="MARGIN-BOTTOM: 5pt"><FONT face=Arial size=2><SPAN 
    style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">Thanks, Mark</SPAN></FONT></P>
    <P class=MsoNormal><FONT face="Times New Roman" size=3><SPAN 
    style="FONT-SIZE: 12pt"></SPAN></FONT>&nbsp;</P>
    <P><FONT face="Times New Roman" size=3><SPAN 
    style="FONT-SIZE: 12pt"></SPAN></FONT>&nbsp;</P></BLOCKQUOTE></DIV>
  <P><SPAN style="FONT-SIZE: 8pt; FONT-FAMILY: 'Arial'"></SPAN>&nbsp;</P>
  <P><SPAN style="FONT-SIZE: 8pt; FONT-FAMILY: 'Arial'"></SPAN></P>
  <P><SPAN style="FONT-SIZE: 8pt; FONT-FAMILY: 'Arial'"></SPAN>&nbsp;</P>
  <P><SPAN style="FONT-SIZE: 8pt; FONT-FAMILY: 'Arial'"></SPAN></P>
  <P><SPAN style="FONT-SIZE: 8pt; FONT-FAMILY: 'Arial'"></SPAN>&nbsp;</P>
  <P><SPAN 
  style="FONT-SIZE: 8pt; FONT-FAMILY: 
'Arial'">**********************************************************************</SPAN></P>
  <P><SPAN style="FONT-SIZE: 8pt; FONT-FAMILY: 'Arial'">This email and any 
files 
  transmitted with it are confidential and</SPAN></P>
  <P><SPAN style="FONT-SIZE: 8pt; FONT-FAMILY: 'Arial'">intended solely for the 
  use of the individual or entity to whom they</SPAN></P>
  <P><SPAN style="FONT-SIZE: 8pt; FONT-FAMILY: 'Arial'">are addressed. If you 
  have received this email in error please notify</SPAN></P>
  <P><SPAN style="FONT-SIZE: 8pt; FONT-FAMILY: 'Arial'">Sabeo 
  Technologies.</SPAN></P>
  <P><SPAN style="FONT-SIZE: 8pt; FONT-FAMILY: 'Arial'"></SPAN></P>
  <P><SPAN style="FONT-SIZE: 8pt; FONT-FAMILY: 'Arial'"></SPAN>&nbsp;</P>
  <P><SPAN style="FONT-SIZE: 8pt; FONT-FAMILY: 'Arial'">This footnote also 
  confirms that this email message has been swept for the presence of computer 
  viruses.</SPAN></P>
  <P><SPAN 
  style="FONT-SIZE: 8pt; FONT-FAMILY: 
'Arial'">**********************************************************************</SPAN></P>
  <P><SPAN style="FONT-SIZE: 8pt; FONT-FAMILY: 'Arial'"></SPAN>&nbsp;</P>
  <TABLE>
    <TBODY>
    <TR>
      <TD bgColor=#ffffff><FONT color=#000000>This email is for the intended 
        addressee only.<BR>If you have received it in error then you must not 
        use, retain, disseminate or otherwise deal with it.<BR>Please notify 
the 
        sender by return email.<BR>The views of the author may not necessarily 
        constitute the views of EADS Astrium Limited.<BR>Nothing in this email 
        shall bind EADS Astrium Limited in any contract or 
        obligation.<BR><BR>EADS Astrium Limited, Registered in England and 
Wales 
        No. 2449259<BR>Registered Office: Gunnels Wood Road, Stevenage, 
        Hertfordshire, SG1 2AS, 
England<BR></FONT></TD></TR></TBODY></TABLE></BLOCKQUOTE></BODY></HTML>

<table><tr><td bgcolor=#ffffff><font color=#000000>This email is for the 
intended addressee only.<br>
If you have received it in error then you must not use, retain, disseminate or 
otherwise deal with it.<br>
Please notify the sender by return email.<br>
The views of the author may not necessarily constitute the views of EADS 
Astrium Limited.<br>
Nothing in this email shall bind EADS Astrium Limited in any contract or 
obligation.<br>
<br>
EADS Astrium Limited, Registered in England and Wales No. 2449259<br>
Registered Office: Gunnels Wood Road, Stevenage, Hertfordshire, SG1 2AS, 
England<br>
</font></td></tr></table>
------_=_NextPart_001_01C6653A.DE594A20--