Comprehensive data protection for all workloads
Post Reply
Kazz
Expert
Posts: 163
Liked: 18 times
Joined: Feb 08, 2018 3:47 am
Full Name: Kazz Beck
Contact:

veeam logs and support?

Post by Kazz »

Hi,

Starting next year, our company policy regarding file transfer services will change. Services like Dropbox, Google Drive, OneDrive, AWS S3, and others will be blocked, with no exceptions.

What does this mean for Veeam support? Will we need to manually select files from the log bundle and share them via email, or will support refuse to assist unless we provide the entire log bundle?

Thank you!
Gostev
Chief Product Officer
Posts: 32375
Liked: 7727 times
Joined: Jan 01, 2006 1:01 am
Location: Baar, Switzerland
Contact:

Re: veeam logs and support?

Post by Gostev » 1 person likes this post

Hi, our Customer Support is not a part of R&D so this will not be an authoritative answer.

However I don't expect efficient and fast support will be possible without providing the entire log bundle as initial log analysis is fully automated. Honestly it's hard to say how support process will even look like without this first essential step and with individual log files provided one by one on request... each support issue will likely be taking forever to resolve.

But I'm talking technical issues requiring troubleshooting of course, not basic questions about product.

Thanks
Kazz
Expert
Posts: 163
Liked: 18 times
Joined: Feb 08, 2018 3:47 am
Full Name: Kazz Beck
Contact:

Re: veeam logs and support?

Post by Kazz »

Are there any plans to improve the whole process of log access for Veeam technical support? It's currently at the stone age where we have to manually collect then upload.

Having log analysis automated on your side does not help us, we are wasting at least 10 min every time we need to get a hold of support.

Thanks
Gostev
Chief Product Officer
Posts: 32375
Liked: 7727 times
Joined: Jan 01, 2006 1:01 am
Location: Baar, Switzerland
Contact:

Re: veeam logs and support?

Post by Gostev »

What improvements do you suggest?

Manual log collection is already not required, there's a wizard that collects all required logs automatically for affected jobs and/or backup infrastructure components you select.
Kazz
Expert
Posts: 163
Liked: 18 times
Joined: Feb 08, 2018 3:47 am
Full Name: Kazz Beck
Contact:

Re: veeam logs and support?

Post by Kazz »

What am I missing?

I still have to open veeam console and navigate to collect logs menu item, then wait 5 min or more (depending on the number of days i am including), once zip file is ready i have to log in to veeam.com and manually upload the zip file to your aws s3 bucket.

What part is automated besides gathering and zipping?
Kazz
Expert
Posts: 163
Liked: 18 times
Joined: Feb 08, 2018 3:47 am
Full Name: Kazz Beck
Contact:

Re: veeam logs and support?

Post by Kazz »

why can't Veeam write another service that would be running on Veeam BR in a suspended state?
If support needs to access logs we simply start the service and let Veeam support look at our logs on our servers via a tunnel established by the service.
I am sure the development of this is way less than what Veeam spends with Aws to maintain s3 buckets for our logs
micoolpaul
VeeaMVP
Posts: 323
Liked: 139 times
Joined: Jun 29, 2015 9:21 am
Full Name: Michael Paul
Contact:

Re: veeam logs and support?

Post by micoolpaul »

Hi @Kazz, a few open questions on how would you foresee this working.

A service that is tunnelling to the internet is a security backdoor, which seems unlikely to be wanted by any security teams.
And as for the logs themselves, if we were to stream these logs via the service, we’d then need to prevent the logs from rotating whilst investigating a problem. To prevent this, we’d need to take a copy and store them somewhere, which is a problem we’ve already solved by you zipping up a copy of your logs and uploading to Veeam Support.

I’m not saying this to discredit the idea, but with these factors considered, how would you see this as an improvement?

If access to cloud storage is blocked by company policy as per OP, would it not make more sense to either have DMZ devices that can have Internet access once the logs have been copied to them, or even just firewall rules that permit the specific FQDN’s we’d use, but the rule in a disabled state, so that security could track when the outgoing traffic was being permitted and for what duration.
-------------
Michael Paul
Veeam Data Cloud Solution Engineer - M365 & Entra ID
Kazz
Expert
Posts: 163
Liked: 18 times
Joined: Feb 08, 2018 3:47 am
Full Name: Kazz Beck
Contact:

Re: veeam logs and support?

Post by Kazz »

Permissions can be set on the account running the service to have read-only access to all veeam log directories
Veeam support can look at the logs live when customer enables the tunnel. How is it a security backdoor if we aren't opening any ports? Veeam service would establish and maintain a session with your infrastructure so support can look at the logs at their convenience. You already have logic to call home for Veeam usage reporting and licensing.

Our security is perfectly fine with call home being enabled, and letting vetted vendors connect to their respective applications
FrancWest
Veteran
Posts: 550
Liked: 112 times
Joined: Sep 17, 2017 3:20 am
Full Name: Franc
Contact:

Re: veeam logs and support?

Post by FrancWest »

Gostev wrote: Dec 15, 2024 2:08 pm What improvements do you suggest?
Just an idea: would it be possible for the log collection wizard, after asking for the case id, to upload the logs automatically after collection? This way we don’t have to do it manually using the support site.
Gostev
Chief Product Officer
Posts: 32375
Liked: 7727 times
Joined: Jan 01, 2006 1:01 am
Location: Baar, Switzerland
Contact:

Re: veeam logs and support?

Post by Gostev »

Yes, however this does not solve OP's problem because AWS S3 access is getting blocked off completely.
Gostev
Chief Product Officer
Posts: 32375
Liked: 7727 times
Joined: Jan 01, 2006 1:01 am
Location: Baar, Switzerland
Contact:

Re: veeam logs and support?

Post by Gostev » 2 people like this post

Kazz wrote: Dec 15, 2024 8:48 pmVeeam support can look at the logs live when customer enables the tunnel. How is it a security backdoor if we aren't opening any ports? Veeam service would establish and maintain a session with your infrastructure so support can look at the logs at their convenience.
I doubt any half-decent security team will agree with you on this one.
Kazz
Expert
Posts: 163
Liked: 18 times
Joined: Feb 08, 2018 3:47 am
Full Name: Kazz Beck
Contact:

Re: veeam logs and support?

Post by Kazz »

Gostev wrote: Dec 16, 2024 9:10 am Yes, however this does not solve OP's problem because AWS S3 access is getting blocked off completely.
Support has shared this link, now we just need to convince our secuity to allow SFTP to Veeam's Columbus OH servers
https://www.veeam.com/processing_of_sen ... ort_ds.pdf

Event if we get a green light on sftp, the whole process of collecting and uploading is still archaic and needs to be revamped
Post Reply

Who is online

Users browsing this forum: Bing [Bot] and 17 guests