Monitoring onpremises vpn activity

Question

Hi there,I have an onpremises always on vpn solution provided by WS2019 RRAS and WS2019 NPS. Both user and device tunnel are available through the same machine.My users authenticates by username/password for user tunnel and machine certificate for device tunnel.User tunnel also have Azure MFA provided by NPS Extension.&nbsp;Right now, I need to analyze NPS Accounting log files and RRAS Local Event Viewer in order to provide a complete report of vpn usage.There is a way to collect these informations somewhere in Azure to create a global report for any user or device authentication event? I need to monitor connection-disconnection events as well.&nbsp;Many thanks!FF

clivewatson · Answer

FrancescoFacco
&nbsp;
If you know the name of the Event log from Event Viewer, then add it into here "enter the name of an eventlog to monitor" field.
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/data-sources-windows-events&nbsp;
&nbsp;
Assuming the server has the MMA on it (Windows Agent), then you will see entries flowing into the Events table (after a while) - if not please add the agent&nbsp;https://docs.microsoft.com/en-us/azure/azure-monitor/platform/agent-windows

clivewatson · Answer

FrancescoFacco&nbsp;
&nbsp;
Typically with Log Analytics there are two or three choices:
&nbsp;
1. Give the manager Log Analytics read access, and the queries to run, probably not the best idea
2. Create a Azure Monitor Workbook - share that with Management and they can refresh that whenever they wish (they will need query access, but allows them to get the data when required in a nice format)
3. Use a Scheduled Logic App.
&nbsp; &nbsp;- Is use this a lot, set the Recurrence to once a week or whatever is required.
&nbsp; &nbsp;- Run the Query
&nbsp; - Send them an Email&nbsp;
&nbsp;
Advantage is they need no access, but there isn't an ad-hoc option
&nbsp;

&nbsp;
This is my one I use each week, it starts at midnight on Friday and emails two graphs to me
&nbsp;

&nbsp;
&nbsp;
&nbsp;

francescofacco · Answer

CliveWatson&nbsp; thanks for your info, I'll try this solutions asap.&nbsp;What about reporting? I know I'll be able to work in some ways with collected data. There is any pre-configured report generator (such as pdf or html) I can use to send scheduled report to management?&nbsp;Have any suggestion on documentation I can refer to?&nbsp;Many thanks!

francescofacco · Answer

CliveWatson&nbsp;Looks great!I'll try it certainly.&nbsp;Thank you.

mentions30 · Answer

oh's

Forum Discussion

Monitoring onpremises vpn activity

5 Replies