We would like to monitor OpenVPN failed login attempts for any security breach on AWS Linux Server (using standard market place AMI)
We have a log management tool that continuously monitors the log files.
The /var/log/openvpnas.log does not have any information about failed logins.
Is it possible to configure the server to put log failed login error to openvpnas.log?
I did a quick search and there were references to server.conf and changing verb (verbose level) logging but could not find anything for OpenVPN AS
The Online console has Log Management but that information is not available in openvpnas.log file.
A choice would be to run /usr/local/openvpn_as/scripts/logdba but that would be on polling basis and not real time.
Any help will be appreciated to setup logging to openvpnas.log
Monitoring OpenVPN Logs for failures
-
- OpenVpn Newbie
- Posts: 1
- Joined: Tue Jan 31, 2017 6:06 pm
- novaflash
- OpenVPN Inc.
- Posts: 1073
- Joined: Fri Apr 13, 2012 8:43 pm
Re: Monitoring OpenVPN Logs for failures
If you add "DEBUG_LOGDB=1" to the file /usr/local/openvpn_as/etc/as.conf and restart the Access Server service, it should log all the things that are usually only visible in the Admin UI under "Log Reports" (which includes failed logins) to /var/log/openvpnas.log (or to syslog if you've set Access Server to log to syslog).
I'm still alive, just posting under the openvpn_inc alias now as part of a larger group.
-
- OpenVpn Newbie
- Posts: 2
- Joined: Mon Jan 11, 2021 2:17 pm
Re: Monitoring OpenVPN Logs for failures
hi there, i need to know if the "openvpnas.log" will cointain vpn-access attempts from unknown user names?
as far as i tested it, try to connect with a non-existend name, there isn't a hint at the openvpnas.log so far.
My goal to get some strings i can search for, to get some alert at my monitoring.
as far as i tested it, try to connect with a non-existend name, there isn't a hint at the openvpnas.log so far.
My goal to get some strings i can search for, to get some alert at my monitoring.