Thursday, July 31, 2025

Regkey of the Month: August

Controlling the SQL Log Backup Temp Folder

By default, Veeam picks the local disk with the most free space (often C:) and uses a folder like \Veeam\Backup\SqlLogBackup or C:\ProgramData\Veeam\Endpoint\SqlLogBackup to store the native log backup files before copying them to the backup repository

These files are Veeam’s own “.BAK” format (not native SQL .BAK) and are deleted after shipping. However, on heavily-loaded SQL servers this can quickly fill the drive. To prevent this, Veeam provides a registry setting named SqlTempLogPath that lets administrators manually specify an alternate folder for the log backups. 


Understanding and using this key ensures log backups don’t crash your SQL server due to a full disk.

The SqlTempLogPath registry value (a REG_SZ string) tells Veeam where to stage SQL transaction log backups on the SQL Server itself. 

Its behavior varies by scenario:

Image-level (VM) backup by Veeam B&R

On the first run of a transaction log child job, Veeam scans all volumes on the SQL VM, picks the one with most free space, and writes that path into the SqlTempLogPath value. To override this default, create or update the registry entry on the SQL host

  • Path: HKEY_LOCAL_MACHINE\SOFTWARE\Veeam\Veeam Backup and Replication  
  • Name: SqlTempLogPath (String)  
  • Value: <full desired folder path>  (no trailing “\”) 

For example, to point logs to D:\SqlLogs you could run (as Administrator) the following PowerShell command:

        New-ItemProperty -Path "HKLM:\SOFTWARE\Veeam\Veeam Backup and Replication" `
        -Name "SqlTempLogPath" -Value "D:\SqlLogs" -PropertyType String

Veeam Agent (Standalone or managed) backups

For machine-level backups using Veeam Agent on Windows, the default temp folder is %ProgramData%\Veeam\Endpoint\SqlLogBackup\. You can override this by setting:

  • Path: HKEY_LOCAL_MACHINE\SOFTWARE\Veeam\Veeam EndPoint Backup  
  • Name: SqlTempLogPath (String)  
  • Value: <desired folder path>  (no trailing backslash)

This registry key goes on the SQL server (the machine running the Agent backup job). (If the job is managed by VBR, the VBR-style path under HKLM\SOFTWARE\Veeam\Veeam Backup and Replication is also acceptable.) 

If the SqlTempLogPath is set under the Endpoint Backup key and later becomes invalid, the log backup will fail with an error like “Cannot create folder… Invalid folder path” and the missing intervals will be flagged. 

Unlike the VM case, Veeam Agent does not automatically re-pick a drive in that situation; you must correct or remove the key and restart the job.

Cluster-aware backups

For SQL Server on a failover cluster managed by Veeam Agent (VBR-managed AG/FCI), Veeam first checks if the HKLM\SOFTWARE\Veeam\Veeam Backup and Replication key exists. 

If it does not, Veeam uses a fixed default folder (C:\ProgramData\Veeam\Backup\SqlLogBackup) on whichever node is active. 

If the key exists but SqlTempLogPath is missing or invalid, Veeam picks the largest drive and then records it in SqlTempLogPath for that node. 

To manually set a cluster node’s path, create SqlTempLogPath under HKLM\SOFTWARE\Veeam\Veeam Backup and Replication on each node (no trailing slashes). 

Note that if you point the path to a cluster disk, a failover might render it invalid: Veeam will then choose a new path and update the registry.

Important

Restart the job 

After creating or changing SqlTempLogPath, disable and re-enable (or restart) the SQL backup job. This forces Veeam’s log-shipping process to reload the new setting.

Disk space sizing

Plan ahead – you need enough space to hold the largest log backup between full backups. If you do frequent log backups, the needed temp space is roughly the size of one full backup cycle’s worth of logs (for example, if you back up every 20 minutes and keep a weekly full, you might need tens of GB). The more frequent log jobs = smaller native log chunks

Permissions

Ensure the chosen path is writable by the Veeam services (usually the local System or VeeamService account). Otherwise Veeam will fail to write the logs.

Conclusion

The SqlTempLogPath registry key is a powerful knob for Veeam administrators who need to control where SQL transaction log backups are staged. By default, Veeam chooses the largest local volume, which can be problematic on busy SQL servers. Manually setting SqlTempLogPath lets you relocate the temp files to any local drive or folder with adequate space.


Posted by at

Tuesday, July 1, 2025

Regkey of the month: JULY

It's already the third episode and summer is coming, so we're generous and bring you a combo of 2 interesting regkeys for Veeam Backup and Replication.

VTHScanEmail & VTHScanExclusions

 

In case you didn't know: VTH stands for Veeam's Threat Hunter technology.

Why Your Backups Need a Threat Hunter (and why Veeam Delivers) 

In today’s cyber battleground, relying solely on production environment security is like wearing half a suit of armor. Existing tools might miss stealthy threats, third-party scanners drain budgets and resources, and performance bottlenecks slow critical recoveries. 

Let's look at VTH: a zero-cost, zero-install second opinion embedded directly in Veeam’s SureBackup, Backup Scan, and Secure Restore workflows. No extra licenses needed. No complex deployments. Just pure, surgical malware hunting !

 




But what if you need granular control over what gets scanned? 

That’s where the registry keys VTHScanEmail and VTHScanExclusions come in to play. 

VTHScanEmail: The Email Scanning Power Switch 

  • Key Path: `HKLM\SOFTWARE\Veeam\Veeam Threat Hunter\`  
  • Value Type: DWORD  
  • Default State: `1` (Enabled)  

 

What It Do ?

 When enabled (value `1`), Veeam Threat Hunter will scan:  

  • Plaintext emails (e.g., .EML, .MSG)  
  • Email databases (PST, OST, MBX, DBZ, etc.)  

A Trade-Off: 
 

Scanning complex email structures isn’t lightweight so expect longer scan times for your restore points, especially with large mailboxes and/or a lot of local files. Think about servers that hold multiple user's OST files. If performance is critical or PST files aren’t a priority, setthis key to `0` to disable email scanning.  

My personal view:
 

Use this key situationally! Enable it for targeted Secure Restores of mail data, but disable it for broad backup scans where non-email files are the focus.  


 


VTHScanExclusions: Your Performance Safeguard 

  • Key Path: HKLM\SOFTWARE\Veeam\Veeam Threat Hunter\  
  • Value Type: REG_MULTI_SZ (Multi-String)  


This key is Threat Hunter’s "exclusion list" a wildcard-driven filter to skip non-essential paths. Every second counts during malware scans, and excluding bloated folders (like temporary files or archives) can slash scan times dramatically.  

How to use this exception list ?

One Path Per Line: List exclusions vertically—no commas, no quotes.  
Wildcards Are Your Friend (But Handle With Care):  

  •   *.log → Matches any ".log" file in any directory.  
  •   Backup* → Skips folders and files starting with "Backup" (e.g., `C:\Backup_Old\`).  
  •   \Projects\Temp\* → Ignores everything in "\Projects\Temp\" (but not subfolders like "\Projects\Temp\Archive\").  

Good to know: 

Veeam auto-prepends `*\` to your entry. 

                            "Documents*" becomes `*\Documents*` so matching any folder named "Documents".

Drive letters are wildcarded: 

                            "C:\Logs\*"  becomes "*\Logs\*"  

Minimum 3 characters per entry are needed

Deep path example: "\demo1*\demo2*\*" excludes "\demo123\demo\demo456\application.exe"

So pay attention when using wildcard in the middle of an exclusion string.  

A Real-World Example: 
 

Registry entry: 

*.tmp
Temp*
\Archive\*
Windows\Logs\*.bak

  
This set of exclusions will skip temporary files, "Temp"-prefixed items, anything in `\Archive`, and `.bak` logs under the path "Windows\Logs".  

Why This Matters: 

Veeam Threat Hunter isn’t just another scanner, it’s an insurance against "silent backup corruption". 

By leveraging these keys:  

  • You avoid scanning gigs of irrelevant email data (VTHScanEmail).  
  • You sidestep performance-killing directories (VTHScanExclusions).    
  • You gain enterprise-grade threat detection without buying new tools.  

Final Checklist:  
 

  • Back up your registry before editing.  (of course we always do !) 
  • Guest file indexing must be enabled in order to scan the individual files.

  • Use Veeam ONE to monitor scan performance trends.  
  • Combine keys: Disable email scans (`VTHScanEmail=0`) & exclude non-critical paths for max speed.  
  • Explore Veeam’s Official Threat Hunter Guide for more information



Posted by at
Subscribe to: Posts (Atom)