In case you did not find a way to catch these logs, i put here how we did it.
Created a mappingConfiguration file defining a couple fields that appear only on our vpn login logs and defined both fields as requiered, in this way only logs that contain these two fields are exported. You do not need to change "exportAllFields" setting, leave it as true, in this way all the information inside these logs will be sent. Do not forget to reference this mapping file on "<mappingConfiguration>" setting. We used fields "os_name" and "session_uid", xml file looked like this, you can use as many as you want if need to be more specific.
<?xml version="1.0" encoding="utf-8"?>