It looks like I want to monitor for windows event log source entries that have keyword “RASClient” in the list. These log entries are generated from the Microsoft VPN RAS application. according to research I did.
Apparently RRAS keeps local logs too. Ideally it would be great to be able to GEOLocate the VPN connection. Maybe I need to be monitoring Radius connections too? On Saturday, October 1, 2016 at 5:03:18 AM UTC-4, Jesus Linares wrote: > > Hi, > > if you share the events (logs) that you want to track, we can help to > create the decoders and rules. > > Regards. > > On Wednesday, September 28, 2016 at 5:58:03 PM UTC+2, [email protected] > wrote: >> >> I'm wondering if anyone has done an OSSEC Windows SSTP VPN rule? >> I want to start tracking and logging them, GEO tracking would be awesome? >> >> Has anyone already done this, or could they suggest a rule? >> >> Thanks! >> > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
