The Event Viewer is a very useful tool; however, as with any log management solution, the biggest hurdle can be filtering out the noise and returning only the meaningful log data that you care about.
This is a follow-up on a previous article which can be viewed here: Finding Human Logins in the Windows Event Viewer – Suppressing Everything Else
One of the most common requests is seeing who has been in and out of a box. To that end, I want to expand a bit more and talk about how to filter on the following three things: Username, Event ID, and Logon Type.
On Thursday I released an article detailing how to get Proxmox set up and also how to configure networking with IPv6. However, that article got long and I just said I would address the firewall in the future. Well, that’s today, because I need to get the configuration stuff written down before I forget. In addition to the firewall, there are some other security housekeeping items for a new Proxmox install, including disabling the root account and using sudo, and changing the default SSH port. So let’s go.
The base OS under Proxmox is Debian. Debian is great and it is lighter-weight than Ubuntu, so I am all for using it.
If you are already somewhat comfortable with Proxmox and Debian configuration and just prefer I get to the point then (more…)
One of the things I wanted to get from my OpenVPN Access Server was a usage report that would be emailed to me regularly. OpenVPN Access Server writes such logs to a file in /var/log on Ubuntu- and Debian-based systems. However, it also writes a lot of other things. So I first started by examining the log. The key information I wanted was:
Date and Time of Successful Connections
In my setup, OpenVPN connected users are put into a unique IP subnet and assigned an address by a DHCP server that is part of Access Server. All very easy to set up. In digging through the logs, I found entries that are made whenever an IP address is assigned to a newly connected user.
An entry looked something like this: (more…)