The client has a site-to-site VPN with a remote location. The users then RDP into a remote server and complain about sporadic dropped RDP sessions. I have turned on logging (buffer informational), but I am seeing too much non-relevant traffic. I would specifically like to only log the following:
1. Built inbound TCP connection (302013)
2. Teardown TCP connection (302014)
3. Deny TCP (no connection) from ( 106015)
It would be great to limit it to 3389 only, but I will take what I can get on this. I would appreciate any help on possible syntax to limit the logging to these messages.