-
- Expert
- Posts: 163
- Liked: 18 times
- Joined: Feb 08, 2018 3:47 am
- Full Name: Kazz Beck
- Contact:
veeam logs and support?
Hi,
Starting next year, our company policy regarding file transfer services will change. Services like Dropbox, Google Drive, OneDrive, AWS S3, and others will be blocked, with no exceptions.
What does this mean for Veeam support? Will we need to manually select files from the log bundle and share them via email, or will support refuse to assist unless we provide the entire log bundle?
Thank you!
Starting next year, our company policy regarding file transfer services will change. Services like Dropbox, Google Drive, OneDrive, AWS S3, and others will be blocked, with no exceptions.
What does this mean for Veeam support? Will we need to manually select files from the log bundle and share them via email, or will support refuse to assist unless we provide the entire log bundle?
Thank you!
-
- Chief Product Officer
- Posts: 32375
- Liked: 7727 times
- Joined: Jan 01, 2006 1:01 am
- Location: Baar, Switzerland
- Contact:
Re: veeam logs and support?
Hi, our Customer Support is not a part of R&D so this will not be an authoritative answer.
However I don't expect efficient and fast support will be possible without providing the entire log bundle as initial log analysis is fully automated. Honestly it's hard to say how support process will even look like without this first essential step and with individual log files provided one by one on request... each support issue will likely be taking forever to resolve.
But I'm talking technical issues requiring troubleshooting of course, not basic questions about product.
Thanks
However I don't expect efficient and fast support will be possible without providing the entire log bundle as initial log analysis is fully automated. Honestly it's hard to say how support process will even look like without this first essential step and with individual log files provided one by one on request... each support issue will likely be taking forever to resolve.
But I'm talking technical issues requiring troubleshooting of course, not basic questions about product.
Thanks
-
- Expert
- Posts: 163
- Liked: 18 times
- Joined: Feb 08, 2018 3:47 am
- Full Name: Kazz Beck
- Contact:
Re: veeam logs and support?
Are there any plans to improve the whole process of log access for Veeam technical support? It's currently at the stone age where we have to manually collect then upload.
Having log analysis automated on your side does not help us, we are wasting at least 10 min every time we need to get a hold of support.
Thanks
Having log analysis automated on your side does not help us, we are wasting at least 10 min every time we need to get a hold of support.
Thanks
-
- Chief Product Officer
- Posts: 32375
- Liked: 7727 times
- Joined: Jan 01, 2006 1:01 am
- Location: Baar, Switzerland
- Contact:
Re: veeam logs and support?
What improvements do you suggest?
Manual log collection is already not required, there's a wizard that collects all required logs automatically for affected jobs and/or backup infrastructure components you select.
Manual log collection is already not required, there's a wizard that collects all required logs automatically for affected jobs and/or backup infrastructure components you select.
-
- Expert
- Posts: 163
- Liked: 18 times
- Joined: Feb 08, 2018 3:47 am
- Full Name: Kazz Beck
- Contact:
Re: veeam logs and support?
What am I missing?
I still have to open veeam console and navigate to collect logs menu item, then wait 5 min or more (depending on the number of days i am including), once zip file is ready i have to log in to veeam.com and manually upload the zip file to your aws s3 bucket.
What part is automated besides gathering and zipping?
I still have to open veeam console and navigate to collect logs menu item, then wait 5 min or more (depending on the number of days i am including), once zip file is ready i have to log in to veeam.com and manually upload the zip file to your aws s3 bucket.
What part is automated besides gathering and zipping?
-
- Expert
- Posts: 163
- Liked: 18 times
- Joined: Feb 08, 2018 3:47 am
- Full Name: Kazz Beck
- Contact:
Re: veeam logs and support?
why can't Veeam write another service that would be running on Veeam BR in a suspended state?
If support needs to access logs we simply start the service and let Veeam support look at our logs on our servers via a tunnel established by the service.
I am sure the development of this is way less than what Veeam spends with Aws to maintain s3 buckets for our logs
If support needs to access logs we simply start the service and let Veeam support look at our logs on our servers via a tunnel established by the service.
I am sure the development of this is way less than what Veeam spends with Aws to maintain s3 buckets for our logs
-
- VeeaMVP
- Posts: 323
- Liked: 139 times
- Joined: Jun 29, 2015 9:21 am
- Full Name: Michael Paul
- Contact:
Re: veeam logs and support?
Hi @Kazz, a few open questions on how would you foresee this working.
A service that is tunnelling to the internet is a security backdoor, which seems unlikely to be wanted by any security teams.
And as for the logs themselves, if we were to stream these logs via the service, we’d then need to prevent the logs from rotating whilst investigating a problem. To prevent this, we’d need to take a copy and store them somewhere, which is a problem we’ve already solved by you zipping up a copy of your logs and uploading to Veeam Support.
I’m not saying this to discredit the idea, but with these factors considered, how would you see this as an improvement?
If access to cloud storage is blocked by company policy as per OP, would it not make more sense to either have DMZ devices that can have Internet access once the logs have been copied to them, or even just firewall rules that permit the specific FQDN’s we’d use, but the rule in a disabled state, so that security could track when the outgoing traffic was being permitted and for what duration.
A service that is tunnelling to the internet is a security backdoor, which seems unlikely to be wanted by any security teams.
And as for the logs themselves, if we were to stream these logs via the service, we’d then need to prevent the logs from rotating whilst investigating a problem. To prevent this, we’d need to take a copy and store them somewhere, which is a problem we’ve already solved by you zipping up a copy of your logs and uploading to Veeam Support.
I’m not saying this to discredit the idea, but with these factors considered, how would you see this as an improvement?
If access to cloud storage is blocked by company policy as per OP, would it not make more sense to either have DMZ devices that can have Internet access once the logs have been copied to them, or even just firewall rules that permit the specific FQDN’s we’d use, but the rule in a disabled state, so that security could track when the outgoing traffic was being permitted and for what duration.
-------------
Michael Paul
Veeam Data Cloud Solution Engineer - M365 & Entra ID
Michael Paul
Veeam Data Cloud Solution Engineer - M365 & Entra ID
-
- Expert
- Posts: 163
- Liked: 18 times
- Joined: Feb 08, 2018 3:47 am
- Full Name: Kazz Beck
- Contact:
Re: veeam logs and support?
Permissions can be set on the account running the service to have read-only access to all veeam log directories
Veeam support can look at the logs live when customer enables the tunnel. How is it a security backdoor if we aren't opening any ports? Veeam service would establish and maintain a session with your infrastructure so support can look at the logs at their convenience. You already have logic to call home for Veeam usage reporting and licensing.
Our security is perfectly fine with call home being enabled, and letting vetted vendors connect to their respective applications
Veeam support can look at the logs live when customer enables the tunnel. How is it a security backdoor if we aren't opening any ports? Veeam service would establish and maintain a session with your infrastructure so support can look at the logs at their convenience. You already have logic to call home for Veeam usage reporting and licensing.
Our security is perfectly fine with call home being enabled, and letting vetted vendors connect to their respective applications
-
- Veteran
- Posts: 550
- Liked: 112 times
- Joined: Sep 17, 2017 3:20 am
- Full Name: Franc
- Contact:
-
- Chief Product Officer
- Posts: 32375
- Liked: 7727 times
- Joined: Jan 01, 2006 1:01 am
- Location: Baar, Switzerland
- Contact:
Re: veeam logs and support?
Yes, however this does not solve OP's problem because AWS S3 access is getting blocked off completely.
-
- Chief Product Officer
- Posts: 32375
- Liked: 7727 times
- Joined: Jan 01, 2006 1:01 am
- Location: Baar, Switzerland
- Contact:
Re: veeam logs and support?
I doubt any half-decent security team will agree with you on this one.Kazz wrote: ↑Dec 15, 2024 8:48 pmVeeam support can look at the logs live when customer enables the tunnel. How is it a security backdoor if we aren't opening any ports? Veeam service would establish and maintain a session with your infrastructure so support can look at the logs at their convenience.
-
- Expert
- Posts: 163
- Liked: 18 times
- Joined: Feb 08, 2018 3:47 am
- Full Name: Kazz Beck
- Contact:
Re: veeam logs and support?
Support has shared this link, now we just need to convince our secuity to allow SFTP to Veeam's Columbus OH servers
https://www.veeam.com/processing_of_sen ... ort_ds.pdf
Event if we get a green light on sftp, the whole process of collecting and uploading is still archaic and needs to be revamped
Who is online
Users browsing this forum: Bing [Bot] and 17 guests