May 06 2020
08:32 AM
- last edited on
Apr 08 2022
10:25 AM
by
TechCommunityAP
May 06 2020
08:32 AM
- last edited on
Apr 08 2022
10:25 AM
by
TechCommunityAP
Hi there,
I have an onpremises always on vpn solution provided by WS2019 RRAS and WS2019 NPS. Both user and device tunnel are available through the same machine.
My users authenticates by username/password for user tunnel and machine certificate for device tunnel.
User tunnel also have Azure MFA provided by NPS Extension.
Right now, I need to analyze NPS Accounting log files and RRAS Local Event Viewer in order to provide a complete report of vpn usage.
There is a way to collect these informations somewhere in Azure to create a global report for any user or device authentication event? I need to monitor connection-disconnection events as well.
Many thanks!
FF
May 06 2020 11:34 AM
If you know the name of the Event log from Event Viewer, then add it into here "enter the name of an eventlog to monitor" field.
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/data-sources-windows-events
Assuming the server has the MMA on it (Windows Agent), then you will see entries flowing into the Events table (after a while) - if not please add the agent https://docs.microsoft.com/en-us/azure/azure-monitor/platform/agent-windows
May 07 2020 01:00 AM
@CliveWatson thanks for your info, I'll try this solutions asap.
What about reporting? I know I'll be able to work in some ways with collected data. There is any pre-configured report generator (such as pdf or html) I can use to send scheduled report to management?
Have any suggestion on documentation I can refer to?
Many thanks!
May 07 2020 01:45 AM
Typically with Log Analytics there are two or three choices:
1. Give the manager Log Analytics read access, and the queries to run, probably not the best idea
2. Create a Azure Monitor Workbook - share that with Management and they can refresh that whenever they wish (they will need query access, but allows them to get the data when required in a nice format)
3. Use a Scheduled Logic App.
- Is use this a lot, set the Recurrence to once a week or whatever is required.
- Run the Query
- Send them an Email
Advantage is they need no access, but there isn't an ad-hoc option
This is my one I use each week, it starts at midnight on Friday and emails two graphs to me
May 07 2020 01:11 PM