• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

VPN users

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> Logging and Reporting >> VPN users Page: [1]
Login
Message << Older Topic   Newer Topic >>
VPN users - 28.Nov.2005 6:09:56 PM   
VeenCubuS

 

Posts: 1
Joined: 28.Nov.2005
Status: offline
Hi guys! Is it possible to run a report that shows all the users that have a VPN connection. The Username, the date and the time they spent online as well as the duration? Also, how can I check if anybody is getting into our domain from outside, ie intruders? Thanks a stack!~vCb~
Post #: 1
RE: VPN users - 6.Dec.2005 3:44:35 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Veen,

You can query the log file to find these connections, then you can use third party tools or Excel to create the reports.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to VeenCubuS)
Post #: 2
RE: VPN users - 8.Jan.2006 5:24:36 AM   
J.F.

 

Posts: 43
Joined: 28.Nov.2005
Status: offline
Hi V:

It would be difficult to generate a report from this data, but you can open the RRAS snap-in > properties of your ISA/RRAS box > Logging tab > check the box to Log All Events.  Then look in the System event log for events from the "RemoteAccess" source, e.g., event ID 20194, after VPN users have connected and disconnected normally.

If you do want to extract that event log data and search it somehow, try using the script named "WMI_ADO_DumpEventLog.vbs" from www.ISAscripts.org (it's in the zip file).  This can dump local/remote event logs to a comma-separated values file that can be easily searched or imported into Excel.  There're some sample search batch scripts in that zip for extracting useful auditing data, e.g., for normal/failed logons, user accounts created, group memberships modified, etc.

On that web site is another script named "RRAS_Account_Lockout.vbs" which is used to help thwart password-guessing attacks against your ISA VPN gateway (see the KB article it mentions for more info).

Finally, you'll also find a script named "ISA_LogParser.vbs" which demos a variety of ways to run SQL queries against ISA text logs to get useful auditing data.  You can modify the sample queries inside that script to extract data pertaining just to traffic to/from the VPN Clients network.  However, this will require being fairly SQL-savvy, which isn't very fun if you're not already into that sort of thing...but, hey, it's free...  :-)

   Cheers,
      JF

(in reply to tshinder)
Post #: 3

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> Logging and Reporting >> VPN users Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts