Veritas NetBackup™ Logging Reference Guide

Logging options with the Windows Event Viewer

NetBackup Windows master servers can be configured to write messages from NetBackup processes to the Application Event log in addition to their normal location. You can review these messages in the Windows Event Viewer, and you can also use third-party tools to monitor the Application Event log for them.

Two logging options can be used to write messages to the Application Event log. These can be used separately or together and are specific to the type of process that you want to log, as follows:

  • To monitor unified processes (process names that start with nb; for example, nbrb), use the vxlogview command.

  • To monitor legacy processes (process names that start with bp; for example, bpdbm), configure the eventlog file.

Note:

For the settings in the vxlogcfg command or the eventlog file to take effect, you must restart the NetBackup services.

To route unified logging application and diagnostic messages for an originator to the Windows Event Viewer Application log, use the vxlogcfg command and set the LogToOslog value to true for that originator.

The following example routes the application and diagnostic messages for nbrb to the Windows Event Viewer Application log:

# vxlogcfg -a -o nbrb -p NB -s "LogToOslog=true"

The following example message is written to the Windows Event Viewer Application log when operating system logging is enabled for nbrb:

from nbrb - request ID {1C7FF863-4BCB-46EA-8B35-629A43A4FF1F} failed with status 0
  (Not Enough Valid Resources); releasing 2 allocated resources

Note:

For this setting to take effect, you must restart the NetBackup services.

When you change this option, the ignorable error messages are also written to the Windows Event Viewer Application log. For example, if you specify the following command:

# vxlogcfg -a -o nbpem -p NB -s "LogToOslog=true"

the following example of an ignorable message is written in the Windows Event Viewer Application log when a storage lifecycle policy does not exist:

call NBProxy::getClientList failed to nbproxy with status 227

A complete description of vxlogcfg is in the NetBackup Commands Reference Guide.

To use the eventlog file, do the following:

  • Create the following file on the NetBackup master server.

    install_path\NetBackup\db\config\eventlog

  • Optionally, add an entry to the eventlog file. The following is an example:

    56 255

Note:

For this setting to take effect, you must restart the NetBackup services.

The parameters in the eventlog file represent severity and type. The parameters have the following characteristics:

Severity

  • Listed as the first parameter.

  • Controls the messages that NetBackup writes to the Application log.

  • If the file is empty, the default severity is Error (16).

  • If the file has only one parameter, it is used for the severity level.

Type

  • Listed as the second parameter.

  • Controls the type of messages that NetBackup writes to the Application log.

  • If the file is empty, the default type is Backup Status (64).

Both parameters are specified as decimal numbers and equate to a bitmap that expresses the following values:

Severity

1 = Unknown

2 = Debug

4 = Info

8 = Warning

16 = Error

32 = Critical

Type

1 = Unknown

2 = General

4 = Backup

8 = Archive

16 = Retrieve

32 = Security

64 = Backup Status

128 = Media Device

You can configure the eventlog file to log the messages that include several different severities and types. If you specify an entry of 56 255 in the eventlog file, the results are as follows:

  • Entry 56: Produces a log with the messages that have a severity of warning, error, and critical. (56 = 8 + 16 + 32)

  • Entry 255: Produces a log with messages for all types. (255 = 1 + 2 + 4 + 8 + 16 + 32 + 64 + 128)

The following example message is written in the Windows Event Viewer Application log:

16 4 10797 1 cacao bush nbpem backup of client bush exited with status 71

The definition of each value is as follows (left to right):

  • Severity = 16 (Error)

  • Type = 4 (Backup)

  • Job ID = 10797

  • Job group ID = 1

  • Server = cacao

  • Client = bush

  • Process = nbpem

  • Text = backup of client bush exited with status 71
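
The bitmap arithmetic and the eight-field message layout described above can be checked with a short script before a monitoring tool depends on them. This is an added example, not NetBackup code: the function names are hypothetical, and it assumes that a single-parameter file leaves the type at its default and that a message is written when its severity and type bits both fall inside the configured masks.

```python
# Added example: bit values copied from the Severity and Type lists on this page.
SEVERITY = {1: "Unknown", 2: "Debug", 4: "Info", 8: "Warning", 16: "Error", 32: "Critical"}
TYPE = {1: "Unknown", 2: "General", 4: "Backup", 8: "Archive", 16: "Retrieve",
        32: "Security", 64: "Backup Status", 128: "Media Device"}
DEFAULT_SEVERITY, DEFAULT_TYPE = 16, 64  # documented defaults for an empty file


def decode(mask, names):
    """Return the names of the bits set in a decimal bitmap value."""
    unknown = mask & ~sum(names)  # sum of the keys = every documented bit
    if mask < 0 or unknown:
        raise ValueError(f"bits outside the documented range: {mask}")
    return [label for bit, label in names.items() if mask & bit]


def parse_eventlog(text):
    """Parse the eventlog file content into (severity_mask, type_mask)."""
    fields = text.split()
    if len(fields) > 2:
        raise ValueError("expected at most two parameters")
    sev = int(fields[0]) if fields else DEFAULT_SEVERITY
    # Assumption: with a single parameter the type keeps its default.
    typ = int(fields[1]) if len(fields) == 2 else DEFAULT_TYPE
    decode(sev, SEVERITY)  # reject undocumented severity bits
    decode(typ, TYPE)      # reject undocumented type bits
    return sev, typ


def parse_message(line):
    """Split a legacy-process Application log message into its eight fields."""
    parts = line.split(None, 7)  # the eighth field is free text with spaces
    if len(parts) < 8:
        raise ValueError("message has fewer than eight fields")
    sev, typ, job, group = (int(p) for p in parts[:4])
    return {"severity": sev, "type": typ, "job_id": job, "job_group_id": group,
            "server": parts[4], "client": parts[5], "process": parts[6],
            "text": parts[7]}


def is_logged(msg, sev_mask, type_mask):
    """Assumption: a message is written when both of its bits are in the masks."""
    return bool(msg["severity"] & sev_mask) and bool(msg["type"] & type_mask)


if __name__ == "__main__":
    sample = "16 4 10797 1 cacao bush nbpem backup of client bush exited with status 71"
    msg = parse_message(sample)
    print(decode(56, SEVERITY), msg["process"], is_logged(msg, *parse_eventlog("56 255")))
```

Under these assumptions, the sample message passes the 56 255 entry but not the empty-file defaults (16 64), because its type is Backup (4) rather than Backup Status (64).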
