Lesson Progress
0% Complete
A Virtual Private Network (VPN) allows users to use an encrypted tunnel to securely access a corporate or other network remotely via the Internet.
The logs from this device assist in identifying any misuse of remote connectivity by analysing anomalies, e.g. a user logging in from two geographically distant locations within a short period of time when its not physically possible to travel such a distance.
The usual information provide by VPN logs usually comprises of:
- Event timestamp (timestamp)
- Source IP address (src_ip)
- Destination IP address (dst_ip)
- Source port (src_port)
- Destination port (dst_port)
- Device type (dvc_type)
- Device class (dvc_class)
- Device subclass (dvc_subclass)
- Message severity level (msg_severity_level)
- Source Interface (src_int)
- Destination Interface (dst_int)
- Access group (access_group)
- Remaining message (msg_rem)
- Event_Type (evnt_type)
- Protocol_app (protocol_app)
- Source_MAC (src_mac)
- Destination_MAC (dst_mac)
- Network (ntwrk)
Vendors
Checkpoint
F5
Juniper
Microsoft (AlwaysOn)