Creating an Event Log Backup Check

hard-30576_1280One of the most frequent things I am asked is how to monitor a backup that MSP RMM does not support.  This is done by creating a pair of event log checks.  One check looks for the presence of any failures and the second looks for the absence of a success.  The example we will use here is for Windows Server Backup which is especially useful right now until the native check supports the Server 2016 version of backup.  Obviously this will only work if the backup software you are creating the checks for writes successes and failures to an event log.  You will also need to find out what the software actually writes to the log.

  • What log does the software write to (usually the application or system logs)
  • The event source
  • Event ID(s)

Here is the information you need to create the two checks for our example:


  • Name: Windows Server Backup Success
  • Log to Query: Application
  • Source: Backup
  • Alert When: Log doesn’t contain
  • Event ID(s)=4
  • Name: Windows Server Backup Failure
  • Log to Query: Application
  • Source=Backup
  • Alert When: Log contains
  • Event ID(s): 5,8,9,17,22,49,50,52,100,517,518,521,527,528,544,545,546,561,564,612

Here is what the checks look like in the dashboard: