Have you ever wanted to monitor a backup software that wasn’t supported yet?

Sure, you could write a normal check for it and have it pass or fail.
But when the reporting comes out it says it's just a normal script check, when in reality you want it to show as a backup check.

So here is my solution.
One script to rule them all… (Well if your backup software logs to the event logs anyway)

What this script does is check the event log for one or more event IDs within a defined period (e.g. 24 hours).
If it finds those event IDs, it emulates the built-in NT Backup (which IS supported by Max) and creates a pass event log entry.
If an ID is not found, the backup either failed or didn't run, so we create a failure event log entry for the NT Backup check to read.

This means we can have our reports now showing the backup status to our customers. Win!

So this is a two-stage process.
Step one: create the script check just like any other, but it MUST be scheduled to run just before the DSC check runs.
That means that if you have the DSC running at the default 6am, this script needs to run just before then, and AFTER the backup has completed, so it can read the IDs.

The parameters are pretty straightforward.
Find a successful backup entry in your event viewer and just copy the IDs from there.


EventIDs – Can be a single ID or multiple, separated by a comma.
LogName – 9 times out of 10 will be Application, this is set by default so just leave it.
ProviderName – This will vary depending on the software you use so just get it from the success entry mentioned above.
LimitEntries – How many entries to pull back. Just leave this on the default 10.
MaxAge – How many hours to look back in the event logs. 24 hours is the default.

Set up the task schedule to match the days of your backup check. (Again, make sure it's before the DSC.)


Annnnnd, you should see the results in the next DSC.


Here is the script:

param (
	[int]$MaxAge = 24,
	[int]$LimitEntries = 10,
	[string[]]$EventIDs = @("5000", "5005"),
	[string]$LogName = "Application",
	[string]$ProviderName = "Altaro VM Backup"
)

# Accept the IDs either as an array or as one comma-separated string ("5000,5005").
$EventIDs = @($EventIDs | ForEach-Object { $_ -split "," } | ForEach-Object { $_.Trim() } | Where-Object { $_ })

$SuccessCount = 0
$FailCount = 0

foreach ($EventID in $EventIDs)
{
	try
	{
		Write-Host "Provider: $ProviderName"
		Write-Host "Log Name: $LogName"
		Write-Host "Event ID: $EventID"
		
		Write-Host "Searching for events..."
		$EventLogFilter = @{ ProviderName = $ProviderName; LogName = $LogName; ID = [int]$EventID; StartTime = (Get-Date).AddHours(-$MaxAge) }
		# "No events found" is a non-terminating error: suppress it so the ID is counted as failed below.
		# @() makes sure .Count works when one event (or none) is returned.
		$Events = @(Get-WinEvent -FilterHashtable $EventLogFilter -MaxEvents $LimitEntries -ErrorAction SilentlyContinue)
		
	}
	catch [Exception]
	{
		Write-Host "Can't find anything for $ProviderName in your $LogName eventlog. Please check Log name, Provider, Log ID, EventID, ComputerName and Credentials"
		exit 1001
	}
	
	$EventCount = $Events.Count
	Write-Host "Returned $EventCount Events."
	
	If ($EventCount -gt 0)
	{
		$SuccessCount = $SuccessCount + 1
	}
	else
	{
		$FailCount = $FailCount + 1
	}
}

Write-Host "Backup report for past $MaxAge Hours"
Write-Host "===================================="
Write-Host "Successful backups: $SuccessCount"
Write-Host "Failed backups: $FailCount"

# Register the NTBackup source only if it is missing (needs administrative rights);
# New-EventLog raises an error when the source already exists.
if (-not [System.Diagnostics.EventLog]::SourceExists("NTBackup"))
{
	New-EventLog -LogName Application -Source "NTBackup"
}

if ($FailCount -gt 0)
{
	# At least one expected ID was missing: write the NT Backup failure event.
	Write-EventLog -LogName Application -Source "NTBackup" -EntryType Error -Category 0 -EventId 8019 -Message "End Operation: Warnings or errors were encountered. Consult the backup report for more details."
	Exit 1001
}
else
{
	# Every expected ID was found: write the NT Backup success event.
	Write-EventLog -LogName Application -Source "NTBackup" -EntryType Information -Category 0 -EventId 8001 -Message "End Backup of 'System State'"
	Exit 0
}
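
To pick the EventIDs and ProviderName values from a real success entry, and to confirm which emulated event the NT Backup check will read, here is an added helper that is not part of the original script. The function names `Get-BackupEventCandidates` and `Get-EmulatedBackupResult` and the `*Backup*` wildcard are assumptions made for this example.

```powershell
function Get-BackupEventCandidates {
    # Summarise recent events per provider/ID/level so a success entry can be picked.
    param (
        [string]$LogName = "Application",
        [string]$ProviderLike = "*",   # wildcard on the provider name (assumed helper parameter)
        [int]$MaxAge = 24
    )
    $filter = @{ LogName = $LogName; StartTime = (Get-Date).AddHours(-$MaxAge) }
    # @() keeps the result an array; an empty log window is not an error here.
    $found = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.ProviderName -like $ProviderLike })
    $found | Group-Object -Property ProviderName, Id, LevelDisplayName |
        Sort-Object -Property Count -Descending |
        ForEach-Object {
            $latest = $_.Group | Sort-Object -Property TimeCreated -Descending |
                Select-Object -First 1
            New-Object PSObject -Property @{
                ProviderName = $latest.ProviderName
                EventID      = $latest.Id
                Level        = $latest.LevelDisplayName
                Count        = $_.Count
                LastSeen     = $latest.TimeCreated
            }
        } | Select-Object ProviderName, EventID, Level, Count, LastSeen
}

function Get-EmulatedBackupResult {
    # Newest emulated NTBackup event written by the script: 8001 = pass, 8019 = fail.
    param ([int]$MaxAge = 24)
    $filter = @{
        LogName      = "Application"
        ProviderName = "NTBackup"
        Id           = 8001, 8019
        StartTime    = (Get-Date).AddHours(-$MaxAge)
    }
    try {
        $last = @(Get-WinEvent -FilterHashtable $filter -MaxEvents 1 -ErrorAction SilentlyContinue)
    }
    catch { $last = @() }   # e.g. the NTBackup source has never been registered
    if ($last.Count -eq 0) { return "NoEvent" }
    if ($last[0].Id -eq 8001) { return "Pass" } else { return "Fail" }
}

Get-BackupEventCandidates -ProviderLike "*Backup*" | Format-Table -AutoSize
Write-Host "Emulated NT Backup result: $(Get-EmulatedBackupResult)"
```

A result of `NoEvent` means the script check did not run inside the window, so the next DSC has nothing fresh to read.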