Monitoring Failed Backup2Go Log In Attempts

Background

My company currently uses a workstation backup product called Backup2Go from Archiware, the makers of PresSTORE. Backup2Go give you an overview or dashboard of the status of your workstations’ backups; a nice little green dot for recent successful backups and a red dot for failed backups or backups which haven’t run in awhile. While this is nice, the dashboard doesn’t do a great job indicating to you the reason why a backup failed, of which there could be many. In most cases, a backup failed because a backup started just before the user packs up his/her laptop for the day which, of course, interrupts the backup; this is fine and expected. However, when users change their network password, they often neglect to update their password in their Backup2Go client (one’s network creds are used to initiate backups). When the creds in Backup2Go don’t match the user’s network creds, the backup can’t start and we get that little red dot in the admin console. Clicking on the red dot will give you an error message, but it’s usually not that obvious what the error message means, so I’ve stopped even looking at the messages.

Solution

In order to catch backups that are failing because of invalid credentials, I wrote a little launchd/bash script (our backup server will be one of the last systems to migrate off of an Xserve) to email us when this happens. I decided to make the output a daily email. It wouldn’t take much more work to make it a Nagios/Icinga check but my boss is fond of email reports. The script runs every morning at 5:00 and sends the list of users who had an invalid log in during the previous day. Mod as you wish.

/Library/LaunchDaemons/tld.domain.InvalidBackup2GoLogin

<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>AbandonProcessGroup</key> <true/> <key>Label</key> <string>tld.domain.InvalidBackup2GoLogin</string> <key>ProgramArguments</key> <array> <string>/usr/local/bin/InvalidBackup2GoLogin</string> </array> <key>RunAtLoad</key> <false/> <key>StartCalendarInterval</key> <array> <dict> <key>Hour</key> <integer>5</integer> <key>Minute</key> <integer>0</integer> </dict> </array> </dict> </plist>

/usr/local/bin/InvalidBackup2GoLogin

#!/usr/bin/env bash email=address@domain.tld logfile=/usr/local/aw/lexxsrv.log grep invalid.username $logfile | awk '{print $1 " " $6}' | sed 's/[..............][-conn.lexxsrv.[0-9]*]//'| sort -u -t " " -k2 | grep $(date -v -1d +"%d/%b/%Y") | sed 's/...secret..//' | mail -s "Yesterday's Invalid Backup2Go Creds" $email