Skip to main content
Sumo Logic

VPN Monitoring Resources and Tips

These days, as more and more people work from home, it’s especially important to ensure that your work from home infrastructure is healthy, and your VPN is keeping your employees connected and your data secure. You can use Sumo Logic to monitor traffic, user activity, successful and failed logins, and more. This page summarizes Sumo Logic resources and recommendations for monitoring your VPN.

Solutions and apps for infrastructure monitoring

These ready-to-run apps are a good starting point for monitoring critical parts of your infrastructure that support a work from home workforce:

  • Work from Home Solution—This solution allows you to monitor all aspects of the infrastructure you use to enable employees to work from home, safely and securely—including your productivity apps, and the services you use for SSO, remote access, endpoint security.

  • Sumo Logic App for Cisco Meraki—You can use this app to monitor and troubleshoot network security, end-to-end performance, switch port management, and device management of your Cisco Meraki wireless infrastructure management platform.  
  • Sumo Logic App for Zscaler Web Security—This app provides visual insights into web traffic behaviors, security, user browsing activities, and risk in Zscaler.

Dashboards for VPN monitoring

We created these dashboards to help you monitor commonly-used VPNs. The dashboards are open source and published on GitHub. 

Tips for creating your own searches and dashboards

When you build your own searches and dashboards consider these VPN monitoring best practices:

  • Successful logins—Monitor for spikes or drops in logins, and whether they are coming from expected locations.
    • Total
    • By location
    • Logins from multiple IPs
    • Trend over time
  • Failed logins—Monitor for spikes in failed logins and where those login attempts are coming from.
    • Total
    • By location
    • Trend over time
  • Events and connections—Monitor both the most common and least common events from your VPN service.
    • Top events
    • Events trend over time
    • Connections over time
  • Suspicious activity—Use our Threat Intelligence and ASN Lookup integration to monitor for malicious connections. 
    • Top suspicious IPs and threat intelligence
    • Suspicious IPs trend over time
    • Abnormal session durations