I'm not familiar with RRAS or Radius. If you share the logs, we can help with decoders and rules for the events that you need.
On Monday, October 3, 2016 at 6:11:37 PM UTC+2, [email protected] wrote: > > It looks like I want to monitor for windows event log source entries that > have keyword “RASClient” in the list. These log entries are generated from > the Microsoft VPN RAS application. according to research I did. > > Apparently RRAS keeps local logs too. > > Ideally it would be great to be able to GEOLocate the VPN connection. > > Maybe I need to be monitoring Radius connections too? > > On Saturday, October 1, 2016 at 5:03:18 AM UTC-4, Jesus Linares wrote: >> >> Hi, >> >> if you share the events (logs) that you want to track, we can help to >> create the decoders and rules. >> >> Regards. >> >> On Wednesday, September 28, 2016 at 5:58:03 PM UTC+2, >> [email protected] wrote: >>> >>> I'm wondering if anyone has done an OSSEC Windows SSTP VPN rule? >>> I want to start tracking and logging them, GEO tracking would be awesome? >>> >>> Has anyone already done this, or could they suggest a rule? >>> >>> Thanks! >>> >> -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
