Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Citrix NetScaler

 

To integrate Citrix NetScaler events with JSA, you must configure Citrix NetScaler to forward syslog events.

  1. Using SSH, log in to your Citrix NetScaler device as a root user.
  2. Type the following command to add a remote syslog server:

    add audit syslogAction <ActionName> <IP Address> -serverPort 514 -logLevel Info -dateFormat DDMMYYYY

    Where:

    <ActionName> is a descriptive name for the syslog server action.

    <IP Address> is the IP address or host name of your JSA console.

  3. Type the following command to add an audit policy:

    add audit syslogPolicy <PolicyName> <Rule> <ActionName>

    Where:

    <PolicyName> is a descriptive name for the syslog policy.

    <Rule> is the rule or expression the policy uses. The only supported value is ns_true.

    <ActionName> is a descriptive name for the syslog server action.

  4. Type the following command to bind the policy globally:

    bind system global <PolicyName> -priority <Integer>

    Where:

    <PolicyName> is a descriptive name for the syslog policy.

    <Integer> is a number value that is used to rank message priority for multiple policies that are communicating by using syslog.

    When multiple policies have priority (represented by a number value that is assigned to them) the lower number value is evaluated before the higher number value.

  5. Type the following command to save the Citrix NetScaler configuration.

    save config

  6. Type the following command to verify that the policy is saved in your configuration:

    sh system global

    Note

    For information on configuring syslog by using the Citrix NetScaler user interface, see http://support.citrix.com/article/CTX121728 or your vendor documentation.

    The configuration is complete. The log source is added to JSA as Citrix NetScaler events are automatically discovered. Events that are forwarded by Citrix NetScaler are displayed on the Log Activity tab of JSA.

Syslog Log Source Parameters for Citrix NetScaler

If JSA does not automatically detect the log source, add a Citrix NetScaler log source on the JSA Console by using the syslog protocol.

When using the syslog protocol, there are specific parameters that you must use.

The following table describes the parameters that require specific values to collect syslog events from Citrix NetScaler:

Table 1: Syslog Log Source Parameters for the Citrix NetScaler DSM

Parameter

Value

Log Source type

Citrix NetScaler

Protocol Configuration

Syslog

Log Source Identifier

Type the IP address or host name for the log source.

The identifier helps you determine which events came from your Citrix NetScaler devices.

Citrix NetScaler Sample Event Message

Use this sample event message to verify a successful integration with JSA.

Note

Due to formatting issues, paste the message format into a text editor and then remove any carriage return or line feed characters.

Citrix NetScaler Sample Message When You Use the Syslog Protocol

The following sample event message shows a successful SSL handshake.

Table 2: JSA field names and highlighted values in the event payload

JSA field name

Highlighted values in the event payload

Event ID

SSL_HANDSHAKE_SUCCESS

Source IP

172.25.184.157

Source Port

19849

Destination IP

10.254.14.94

Destination Port

443

Device Time

12/04/2017:17:21:00 GMT