As more and more staff are shifting to remote working, I am being regularly challenged by my top management to produce relevant KPIs related to VPN connections. Sample questions I get :
- How many users are working from home right now ?
- Could you break the numbers by department ?
- What is the overall trend of remote connections ? Are there connections on the weekend and overnights ?
Thankfully I have Graylog, which can answer all of these questions and plenty more in mere seconds, thanks to the VPN dashboard below :
My management loves it, hope you do as well
Thanks for the entry, @H2Cyber !
Gets my vote: does 1 thing really well, instead of cramming dozens of metrics on a single dashboard. Nicely designed too.
Looks nice. Which vendor is your VPN gateway? Would like to try this with a Palo Alto.
The vendor of the VPN gateway is Cisco, and I am using some hand made extractors to parse its logs into field names (which are not Graylog schema compliant). I am also using lookup tables and information from AD to enrich usernames with department information. I thought about sharing the exportable bits onto a content pack, but the setup is so custom that it won’t easily be beneficial to others.