Lesson 1, Topic 17

Virtual Private Network (VPN) Logs


A Virtual Private Network (VPN) lets users securely access a corporate or other private network remotely over the Internet through an encrypted tunnel.

The logs from these devices help identify misuse of remote connectivity by analysing anomalies, e.g. a user logging in from two geographically distant locations within a short period of time when it is not physically possible to travel such a distance (often called "impossible travel").

The information provided by VPN logs usually comprises:

  • Event timestamp (timestamp)
  • Source IP address (src_ip)
  • Destination IP address (dst_ip)
  • Source port (src_port)
  • Destination port (dst_port)
  • Device type (dvc_type)
  • Device class (dvc_class)
  • Device subclass (dvc_subclass)
  • Message severity level (msg_severity_level)
  • Source interface (src_int)
  • Destination interface (dst_int)
  • Access group (access_group)
  • Remaining message (msg_rem)
  • Event type (evnt_type)
  • Protocol/application (protocol_app)
  • Source MAC address (src_mac)
  • Destination MAC address (dst_mac)
  • Network (ntwrk)
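The impossible-travel anomaly described above, worked through as an added example (not code from the lesson): it runs over constructed VPN login records that use the field names listed, assumes the user name appears inside msg_rem as "user=<name>" (vendor formats differ), and substitutes a small hard-coded IP-to-coordinate table for a real GeoIP lookup.

```python
import math
import re
from datetime import datetime

# Constructed stand-in for a GeoIP lookup (assumption): src_ip -> (lat, lon) in degrees.
GEO = {
    "203.0.113.10": (51.5074, -0.1278),   # London
    "198.51.100.7": (40.7128, -74.0060),  # New York
    "192.0.2.25": (51.4545, -2.5879),     # Bristol
}

# Constructed VPN log records using the field names listed above; the user name is
# assumed to sit inside msg_rem as "user=<name>" (vendor formats differ).
VPN_LOGS = [
    {"timestamp": "2024-05-01T08:00:00", "src_ip": "203.0.113.10", "dst_ip": "10.0.0.1",
     "evnt_type": "login", "msg_rem": "user=alice tunnel established"},
    {"timestamp": "2024-05-01T08:45:00", "src_ip": "198.51.100.7", "dst_ip": "10.0.0.1",
     "evnt_type": "login", "msg_rem": "user=alice tunnel established"},
    {"timestamp": "2024-05-01T09:00:00", "src_ip": "203.0.113.10", "dst_ip": "10.0.0.1",
     "evnt_type": "login", "msg_rem": "user=bob tunnel established"},
    {"timestamp": "2024-05-01T11:30:00", "src_ip": "192.0.2.25", "dst_ip": "10.0.0.1",
     "evnt_type": "login", "msg_rem": "user=bob tunnel established"},
]

def haversine_km(a, b):
    """Great-circle distance in kilometres between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def impossible_travel(logs, max_speed_kmh=900.0):
    """Flag consecutive logins by one user whose implied travel speed exceeds
    max_speed_kmh. Returns (user, earlier_ip, later_ip, speed_kmh) tuples."""
    last_seen, alerts = {}, []
    for rec in sorted(logs, key=lambda r: r["timestamp"]):  # ISO timestamps sort lexically
        m = re.search(r"user=(\S+)", rec["msg_rem"])
        if rec["evnt_type"] != "login" or not m or rec["src_ip"] not in GEO:
            continue  # not a login, unattributable, or not geolocatable: skip rather than guess
        user, ts = m.group(1), datetime.fromisoformat(rec["timestamp"])
        if user in last_seen:
            prev_ts, prev_ip = last_seen[user]
            hours = (ts - prev_ts).total_seconds() / 3600
            dist = haversine_km(GEO[prev_ip], GEO[rec["src_ip"]])
            speed = dist / max(hours, 1e-9)  # same-place, same-time logins give 0, not inf
            if speed > max_speed_kmh:
                alerts.append((user, prev_ip, rec["src_ip"], round(speed)))
        last_seen[user] = (ts, rec["src_ip"])
    return alerts
```

Against the sample records, alice's London-to-New York pair 45 minutes apart is flagged while bob's London-to-Bristol pair is not; the speed threshold is the tunable that trades false positives (mobile users, VPN-over-VPN, coarse GeoIP) against detection.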

Vendors

Checkpoint

F5

Juniper

Microsoft (AlwaysOn)