I have users connecting to AWS via the AWS managed services VPN endpoint. I'm trying to see who logs on to one of my EC2 server by looking at /var/log/auth.log. I can see the SSH connection coming from an IP address (10.183.0.7) which would be the NATed IP address of the user since the VPN CIDR for users is 172.19.0.0/16. I have the VPN logs so I can see which user is using a 172.19.0.0/16 IP however I do not know who is using 10.183.0.7.
My question is, where can I found the NAT logs that would tell me which user VPN address is translated to 10.183.0.7.
Thanks
