# Openvpn

### 1. openvpn.conf 다운로드 rsyslog 사용 <a href="#id-1" id="id-1"></a>

```bash
curl https://repo.plura.io/v5/module/rsyslog/80-openvpn.conf -o /etc/rsyslog.d/80-openvpn.conf
```

### 2. 80-openvpn.conf 수정 <a href="#id-2" id="id-2"></a>

* 로그 위치 확인

```bash
vi /etc/openvpn/server/server.conf
```

```bash
log /var/log/openvpn.log
log-append /var/log/openvpn.log
```

```bash
vi /etc/rsyslog.d/80-openvpn.conf
```

### 3. openvpn server conf 수정 <a href="#id-3" id="id-3"></a>

* logging 레벨 확인

```bash
vi /etc/openvpn/server/server.conf

verb 4
```

### 4. rsyslog 데몬 재 시작 <a href="#id-4" id="id-4"></a>

```bash
service rsyslog restart
```

### 5. 로그  확인 <a href="#id-5" id="id-5"></a>

* 로그 예시 : [전체로그 > 호스트](https://docs.plura.io/ko/function/common/flog/host)

<figure><img src="https://qubitsec.github.io/docs/images/Ins_G/openvpn/1.png" alt=""><figcaption></figcaption></figure>

* [x] 위 내용을 활용해서 필터를 등록하면 탐지로그를 확인할 수 있습니다.

> [https://docs.plura.io/ko/fn/comm/filter/syslog](https://docs.plura.io/ko/function/common/filter/syslog)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.plura.io/ko/agents/siem/uplc/openvpn.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.