OpenVPN — audit logs

Audit logs can be implemented in a very simple way

Install swatch

apt-get install swatch

Make script

nano /opt/openvpn_watch.shwatchfor /TLS: Initial/
mail=some-email@test.com,subject="Client connected to VPN."

Create system service

nano /etc/systemd/system/openvpn_watch.service[Unit]
Description=openvpn_watch-log-authentication
After=openvpn.target

[Service]
ExecStart=/usr/bin/swatch -c /opt/openvpn_watch.sh -t /etc/openvpn/openvpn_server.log --daemon > /dev/null 2>&1
KillMode=process
Type=simple
Restart=no

[Install]
WantedBy=multi-user.target

Run service

systemctl daemon-reload
systemctl start openvpn_watch.service
systemctl enable openvpn_watch.service

DevOps Consultant. I’m strongly focused on automation, security, and reliability.