What, if any, event ID is created on domain controller when a user logs off VPN?
Posted on 2010-08-31
I am attempting to use our Network Monitoring program to send an email alert when a user is granted access to, denied access to, or logs off our VPN. I am able to filter out IAS 1 for access granted, IAS 2 for access denied, but am having issues finding anything for when a user logs off their VPN client.
We use CISCO Anytime connect VPN and I DON'T see any other IAS messages besides Event ID 1 and Event ID 1. Our domain controller is on Windows Server 2003.