Hi Team,
Just wondering if anyone could recommend the best way to monitor our windows NPS server for failed wireless authentication attempts / failed attempts
Isnt it in the Windows System Log? You may then use event console.
BR
MF
Yes it is. Just thought maybe there was a better / more efficient way of monitoring these attempts.
Whats the best way of monitoring the windows event viewer logs. Install the checkmk agent then ?
Hi @rubber_ducky,
a customer of mine is using a RADIUS NPS Server.
We monitor it with an old Nagios Perl script called check_radius. It’s not the nicest thing in the world, but it does test the NPS Server for authentication.
It’s been a while since I implemented it. And I would really advise using the script, but there are not a lot of ways to check the NPS Server.
Installing the Checkmk Agent should always be your go to solution to monitor things. To monitor the Windows Event Log it is mandatory. I would also suggest that you monitor the Windows Service thats responsible for the NPS stuff.
Here is more information on the logging part from Microsoft:
NPS logging
NPS logging is also called RADIUS accounting. Configure NPS logging to your requirements whether NPS is used as a RADIUS server, proxy, or any combination of these configurations.
To configure NPS logging, you must configure which events you want logged and viewed with Event Viewer, and then determine which other information you want to log. In addition, you must decide whether you want to log user authentication and accounting information to text log files stored on the local computer or to a SQL Server database on either the local computer or a remote computer.
For more information, see Configure Network Policy Server Accounting.
Hope this helps.
Norm
Yes and do the configuration of system log and event console.
BR
Michael