Integrate OpenVPN

EventTracker v8.x and above

Publication Date: January 9, 2019


Abstract

This guide provides instructions to configure OpenVPN to generate logs for critical events. Once EventTracker is configured to collect and parse these logs, dashboards and reports can be configured to monitor OpenVPN.

Scope

The configurations detailed in this guide are consistent with EventTracker Enterprise version v8.x or above and OpenVPN.

Audience

Administrators who are assigned the task of monitoring OpenVPN events using EventTracker.

The information contained in this document represents the current view of Netsurion on the issues discussed as of the date of publication. Because Netsurion must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Netsurion, and Netsurion cannot guarantee the accuracy of any information presented after the date of publication.

This document is for informational purposes only. Netsurion MAKES NO WARRANTIES, EXPRESS OR IMPLIED, AS TO THE INFORMATION IN THIS DOCUMENT.

Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, this paper may be freely distributed without permission from Netsurion, if its content is unaltered, nothing is added to the content and credit to Netsurion is provided.

Netsurion may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Netsurion, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

The example companies, organizations, products, people and events depicted herein are fictitious. No association with any real company, organization, product, person or event is intended or should be inferred.

© 2019 Netsurion. All rights reserved. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.


Table of Contents

Abstract
Scope
Audience
Overview
Prerequisites
Configure OpenVPN to forward logs to EventTracker
    Enable OpenVPN debug logging and syslog daemon
    Forward logs to EventTracker Manager
EventTracker Knowledge Pack
    Flex Reports
    Alerts
    Categories and Saved Searches
    Knowledge Objects
Import OpenVPN knowledge pack into EventTracker
    Category
    Alerts
    Knowledge Objects
    Flex Reports
    Dashboards
Verify OpenVPN knowledge pack in EventTracker
    Categories
    Alerts
    Token Templates
    Knowledge Objects
    Flex Reports
    Dashboards
    Sample Flex Dashboards


Overview

OpenVPN is open-source software, also offered as a commercial product, that implements virtual private network techniques to create secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It uses a custom security protocol that utilizes SSL/TLS for key exchange.

EventTracker helps to monitor events from OpenVPN. Its knowledge objects and flex reports help you analyse login and logout activities and monitor login failure events.

Prerequisites

• OpenVPN Access Server should be configured for forwarding logs.

• Add an exception for port 514 on any firewall that sits between the OpenVPN Access Server and the EventTracker Manager.

Configure OpenVPN to forward logs to EventTracker

To configure OpenVPN to forward logs to a syslog server, follow the steps below.

Enable OpenVPN debug logging and syslog daemon

Follow the steps below to enable debug logging and the syslog daemon in OpenVPN Access Server:

Steps:

1. Open the “as.conf” file in a text editor (located at /usr/local/openvpn_as/etc/as.conf on the Access Server).

Figure 1

2. Add the following flags at the end of the file.

DEBUG_LOGDB=1

SYSLOG=1


Figure 2

3. Type ‘:wq’ and press Enter to save the changes and exit the editor.

4. After saving the “as.conf” file, restart the OpenVPN Access Server service.

Figure 3

Forward logs to EventTracker Manager

Configure rsyslog to forward logs to EventTracker:

Steps:

1. Open the “rsyslog.conf” file in a text editor with sudo privileges (located at /etc/rsyslog.conf on the Access Server).

Figure 4

2. Add the line below, with the EventTracker Manager IP address filled in (for example, 12.32.100.69), at the end of the file.

*.* @<EventTracker Manager IP Address>:514

Figure 5

3. Type ‘:wq’ and press Enter to save the changes and exit the editor.

4. After saving the file, restart the rsyslog and OpenVPN Access Server services.

Figure 6
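The two edits above (the flags in as.conf and the forwarding rule in rsyslog.conf) are easy to apply by hand once, but on a fleet of Access Servers it is worth scripting them so they are idempotent and can be verified. The script below is an added example and is not part of the Netsurion guide or of OpenVPN Access Server; it assumes the default file paths named in the guide, it assumes the service names "openvpnas" and "rsyslog" for the restart step (adjust them to your init system), and the IP address 192.0.2.10 is a placeholder that must be replaced with your EventTracker Manager address.

```shell
#!/bin/sh
# Added example (not part of the Netsurion guide): apply the as.conf and
# rsyslog.conf changes from the steps above idempotently, then verify them.
# Assumptions: the file paths are the defaults named in the guide, the
# service names "openvpnas" and "rsyslog" are assumed, and ET_MANAGER_IP is a
# placeholder that must be replaced with the real EventTracker Manager address.

AS_CONF="${AS_CONF:-/usr/local/openvpn_as/etc/as.conf}"
RSYSLOG_CONF="${RSYSLOG_CONF:-/etc/rsyslog.conf}"
ET_MANAGER_IP="${ET_MANAGER_IP:-192.0.2.10}"   # placeholder address, replace it

# ensure_setting FILE KEY VALUE
# Append "KEY=VALUE" to FILE unless that exact line is already present, so the
# script can be re-run without duplicating the flag.
ensure_setting() {
    grep -q "^$2=$3\$" "$1" 2>/dev/null && return 0
    printf '%s=%s\n' "$2" "$3" >> "$1"
}

# forward_rule IP
# Print the rsyslog rule from the guide: every facility and priority ("*.*")
# sent to the manager on port 514. A single "@" means UDP; "@@" would be TCP.
forward_rule() {
    printf '*.* @%s:514\n' "$1"
}

# ensure_forward FILE IP
# Append the forwarding rule to FILE once ("--" keeps grep from reading the
# leading "*" of the rule as an option).
ensure_forward() {
    rule=$(forward_rule "$2")
    grep -qF -- "$rule" "$1" 2>/dev/null && return 0
    printf '%s\n' "$rule" >> "$1"
}

# verify_as_conf FILE: succeed only if both flags from step 2 are set.
verify_as_conf() {
    grep -q '^DEBUG_LOGDB=1$' "$1" && grep -q '^SYSLOG=1$' "$1"
}

# verify_forward FILE IP: succeed only if the forwarding rule for IP is present.
verify_forward() {
    grep -qF -- "$(forward_rule "$2")" "$1"
}

# Run with the single argument "apply" to change the live files (needs root);
# without it the script only defines the functions above.
if [ "${1:-}" = "apply" ]; then
    ensure_setting "$AS_CONF" DEBUG_LOGDB 1
    ensure_setting "$AS_CONF" SYSLOG 1
    ensure_forward "$RSYSLOG_CONF" "$ET_MANAGER_IP"
    verify_as_conf "$AS_CONF" && verify_forward "$RSYSLOG_CONF" "$ET_MANAGER_IP" \
        || { echo "configuration not applied" >&2; exit 1; }
    # Service names are assumptions; adjust them to your init system if they differ.
    service rsyslog restart
    service openvpnas restart
fi
```

Two points are worth keeping in mind when using this rule. The selector `*.*` forwards every syslog message the Access Server host produces, not only OpenVPN's, so the manager will also receive the host's other system logs. And a single `@` sends plain UDP syslog, which is neither encrypted nor acknowledged; that matches the port 514 firewall exception in the prerequisites, but the path from the Access Server to the EventTracker Manager should be a trusted network, and `@@` (TCP) can be used instead if your collector accepts it.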


EventTracker Knowledge Pack

Once logs are received by the EventTracker Manager, Knowledge Packs can be configured in EventTracker. The following Knowledge Packs are available in EventTracker Enterprise to support OpenVPN.

Flex Reports

• OpenVPN - Client Login and Logout activity - This report gives information about successful VPN client login and logout activity.

Figure 7

Sample logs:

Figure 8

• OpenVPN - Client Login Failure - This report gives information about VPN client login failures.

Figure 9


Sample logs:

Figure 10

• OpenVPN - Admin Login Success and Failure - This report gives information about VPN admin successful logins and login failures in the web console.

Figure 11

Sample logs:

Figure 12


Alerts

• OpenVPN: Login failed - This alert will be generated when a VPN login failure occurs.

Categories and Saved Searches

• OpenVPN - Client Login and Logout Activity - This category provides information related to VPN client login and logout activity.

• OpenVPN - Client Login failure - This category provides information related to VPN client login failures.

• OpenVPN - Admin Login Success and Failure - This category provides information related to VPN admin login success and failures.

Knowledge Objects

• OpenVPN - Client Login and Logout Activity - This knowledge object helps to analyze logs related to VPN client login and logout activity.

• OpenVPN - Client Login failure - This knowledge object helps to analyze logs related to VPN client login failures.

• OpenVPN - Admin Login Success and Failure - This knowledge object helps to analyze logs related to VPN admin login success and failures.

Import OpenVPN knowledge pack into EventTracker

NOTE: Import knowledge pack items in the following sequence:

• Categories

• Alerts

• Token Templates

• Knowledge Objects

• Flex Reports

• Dashboards

1. Launch EventTracker Control Panel.

2. Double-click Export Import Utility.


Figure 13

3. Click the Import tab.

Category

1. Click the Category option, and then click the browse button.


Figure 14

2. Locate the Category_OpenVPN.iscat file, and then click the Open button.

3. To import categories, click the Import button.

EventTracker displays a success message.

Figure 15

4. Click OK, and then click the Close button.


Alerts

1. Click the Alert option, and then click the browse button.

Figure 16

2. Locate the Alert_OpenVPN.isalt file, and then click the Open button.

3. To import alerts, click the Import button.

Token Templates

1. Click Parsing rules under the Admin option in the EventTracker Manager page.

2. Go to the Template tab and click the import configuration icon in the top right corner.

3. In the popup window, browse to the file named Token Template_OpenVPN.ettd.


4. Now select all the check boxes, and then click the Import option.

Figure 17

Knowledge Objects

1. Click Knowledge objects under the Admin option in the EventTracker Manager page.

2. Locate the KO_OpenVPN.etko file.

Figure 18


3. Click the ‘Upload’ option.

4. Now select all the check boxes, and then click the ‘Import’ option.

Figure 19

5. Knowledge objects are now imported successfully.

Figure 20

Flex Reports

On the EventTracker Control Panel,

1. Click the Reports option, and select new (*.etcrx) from the options.


Figure 21

2. Locate the Flex Report_OpenVPN.etcrx file and select all the check boxes.

Figure 22


3. Click the Import button to import the reports. EventTracker displays a success message.

Figure 23

Dashboards

Note: If you have EventTracker Enterprise version v9.0 or later, you can import dashboards.

1. Open EventTracker Enterprise.

Figure 24

2. Navigate to Dashboard > My Dashboard. The My Dashboard pane is shown.

3. Click the ‘Import’ button to import the dashlets.


Figure 35

4. Locate the Dashboard_OpenVPN.etwd file.

5. Click the ‘Upload’ option.


Figure 26

6. Now select all the check boxes, and then click the ‘Import’ option. The dashlets are now imported successfully.

7. Click the ‘Add’ button to create a new dashlet.


Figure 27

8. Fill in a suitable Title and Description, and click the Save button.

9. Click ‘Customize’ to locate the OpenVPN dashlets, and choose all the dashlets created for OpenVPN.

Figure 28


Verify OpenVPN knowledge pack in EventTracker

Categories

1. Log on to EventTracker Enterprise.

2. Click the Admin dropdown, and then click Categories.

3. In the Category Tree, scroll down and expand the OpenVPN group folder to view the imported categories.

Figure 29

Alerts

1. In the EventTracker Enterprise web interface, click the Admin dropdown, and then click Alerts.

2. In the search box, enter OpenVPN and then click the Search button. EventTracker displays the OpenVPN alert.


Figure 30

Token Templates

1. In the EventTracker Enterprise web interface, click the Admin dropdown, and then click Parsing rules.

2. On the Template tab, click the OpenVPN group folder to view the imported Token Values.

Figure 31

Knowledge Objects

1. In the EventTracker Enterprise web interface, click the Admin dropdown, and then click Knowledge Objects.

2. In the Knowledge Object tree, expand the OpenVPN group folder to view the imported Knowledge Objects.


Figure 32

Flex Reports

1. In the EventTracker Enterprise web interface, click the Reports menu, and then select Report Configuration.

Figure 33

2. In the Reports Configuration pane, select the Defined option.

3. Click the OpenVPN group folder to view the imported OpenVPN reports.


Figure 34

Dashboards

1. Open EventTracker Enterprise in a browser and log on.

2. Navigate to Dashboard > My Dashboard. The My Dashboard pane is shown.

Figure 35


Sample Flex Dashboards

1. OpenVPN - Client Login and Logout Activity: This dashboard provides information related to VPN client login and logout activity.

Figure 36


2. OpenVPN - Client Login Failure: This dashboard provides information related to VPN client login failures.

Figure 37

3. OpenVPN - Admin Login Failure: This dashboard provides information related to admin login failures.


Figure 38