• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 477
  • Last Modified:

What, if any, event ID is created on domain controller when a user logs off VPN?

I am attempting to use our Network Monitoring program to send an email alert when a user is granted access to, denied access to, or logs off our VPN. I am able to filter out IAS 1 for access granted, IAS 2 for access denied, but am having issues finding anything for when a user logs off their VPN client.

We use CISCO Anytime connect VPN and I DON'T see any other IAS messages besides Event ID 1 and Event ID 1. Our domain controller is on Windows Server 2003.
0
kyates57
Asked:
kyates57
  • 3
1 Solution
 
Rant32Commented:
Unfortunately, you will not see the logoff events. The IAS messages you see are generated when the VPN client authenticates to your VPN access router/firewall. The VPN router forwards the credentials to AD via RADIUS. IAS is not involved when disconnecting.

If the monitoring program supports SNMP, you may be able to generate an SMTP trap when VPN logon/logoff occurs.
0
 
Rant32Commented:
Oh, the VPN router is the device that knows when the client disconnects, any traps or reports should come from there.
0
 
kyates57Author Commented:
Let me investigate, and if I find a solution, I will post it, else, I'll mark yours as the solution. Thanks for your time!
0
 
Rant32Commented:
Did I say SMTP trap? Been doing too much of that lately. That should be SNMP.
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now