Page 1 of 1

Monitoring OpenVPN Logs for failures

Posted: Tue Jan 31, 2017 6:20 pm
by vindahake
We would like to monitor OpenVPN failed login attempts for any security breach on AWS Linux Server (using standard market place AMI)
We have a log management tool that continuously monitors the log files.

The /var/log/openvpnas.log does not have any information about failed logins.
Is it possible to configure the server to put log failed login error to openvpnas.log?

I did a quick search and there were references to server.conf and changing verb (verbose level) logging but could not find anything for OpenVPN AS

The Online console has Log Management but that information is not available in openvpnas.log file.
A choice would be to run /usr/local/openvpn_as/scripts/logdba but that would be on polling basis and not real time.

Any help will be appreciated to setup logging to openvpnas.log

Re: Monitoring OpenVPN Logs for failures

Posted: Tue Jan 31, 2017 6:46 pm
by novaflash
If you add "DEBUG_LOGDB=1" to the file /usr/local/openvpn_as/etc/as.conf and restart the Access Server service, it should log all the things that are usually only visible in the Admin UI under "Log Reports" (which includes failed logins) to /var/log/openvpnas.log (or to syslog if you've set Access Server to log to syslog).

Re: Monitoring OpenVPN Logs for failures

Posted: Mon Jan 11, 2021 2:32 pm
by mw_fedv
hi there, i need to know if the "openvpnas.log" will cointain vpn-access attempts from unknown user names?
as far as i tested it, try to connect with a non-existend name, there isn't a hint at the openvpnas.log so far.

My goal to get some strings i can search for, to get some alert at my monitoring.