Microsoft PPTP VPN Gateway Configuration
Configuring Microsoft PPTP
Windows 2003 Server
- Logon with administrative rights
- Configure PPTP VPN
- Go to Start | All Programs | Administrative Tools | Configure Your Server Wizard, select the Remote Access/VPN Server role. The click the next button which runs the the Routing and Remote Access Wizard.
- Configure Server Logging – Enable authentication and accounting logging from the Settings tab on the properties of the Local File object in the Remote Access Logging folder in the Routing and Remote Access snap-in. The authentication and accounting information is stored in a configurable log file or files stored in the SystemRoot\System32\LogFiles folder. The log files are saved in Internet Authentication Service (IAS) or database-compatible format, meaning that any database program can read the log file directly for analysis.
- Configure Snare agent to send logs to Accelops.
Sample syslog messages
<13>Apr 1 09:28:03 dev-v-win03-vc MSPPTPLog 0
192.168.24.11,administrator,04/01/2009,09:28:00,RAS,DEV-V-WIN03-VC,44,29
,4,192.168.24.11,6,2,7,1,5,129,61,5,64,1,65,1,31,192.168.20.38,66,192.16 8.20.38,4108,192.168.24.11,4147,311,4148,MSRASV5.20,4155,1,4154,Use
Windows authentication for all users,4129,DEV-V-WIN03-VC\administrator,4130,DEV-V-WIN03-VC\administrato r,4127,4,25,311 1 192.168.24.11 04/01/2009 16:12:12 3,4149,Connections to Microsoft Routing and Remote Access server,4136,1,4142,0
PulseSecure Configuration
What is Discovered and Monitored
Configuration
Settings for Access Credentials
What is Discovered and Monitored
| Protocol | Information Discovered | Metrics Collected | Used For |
| Syslog | Security and Performance alerts | Security and performance monitoring |
Event Types
In CMDB > Event Types, search for “PulseSecure” to see the event types associated with this device.
Rules
There are no predefined rules for this device.
Reports
There are no predefined reports for this device.
Configuration
Syslog
Sample PulseSecure Syslog Messages