Windows VPN Monitoring with NetCrunch
Remote work is growing and sometimes indispensable. There is a number of different VPN services that can be used to provide secure access to company networks for remote workers or those traveling away from the office. This article will describe how to set up VPN Monitoring in NetCrunch on the example of Windows VPN
When installing additional services to a Windows Machine, very often additional counters become available in the perfmon- this is one of the easiest ways to get information related to different services.
In this particular scenario, it’s possible to pull data related to RAS (Remote Access Services) that will give an insight into the number of connected users or authentication errors for example.
There are more counters related to VPN, but it’s up to the person responsible for VPN what should be monitored to avoid overflow of monitoring data.
Windows Service monitoring
Another way of ensuring that the VPN is working and people can connect to the company network is to make sure that services related to VPN are working. Since NetCrunch can automatically get a list of available services it’s very easy to set up monitoring. It’s important to select the proper node as a reference — otherwise, services related to VPN may not be available on the list, and thus cannot be selected.
It’s recommended to group all relevant alerts into separate monitoring pack, it will be easier to modify alerting rules and distribute them across multiple devices.
Windows Event Log
Windows Event log can be used to gather all sorts of information related not only to events about security issues but also related to applications like RAS mentioned above. Such information can be vital to check if employees can successfully log in via VPN and if the connection is not being interrupted too often. This can be achieved by monitoring failed logon or frequent logon from the same user for example.
All information can be viewed in NetCrunch Console afterwards.
Sensors can also be used to check whether a VPN or machine itself is working properly.
For example, Uptime sensor can notify us if the machine was restarted by any mean — which in some cases may be critical information.
Other sensors like process can monitor particular processes if they are up and running.
These are only examples on how NetCrunch can be utilized to be most efficient in monitoring such services as VPN, there are still many more performance metrics that NetCrunch can track in order to verify and ensure the highest uptime of all services.