circle-info
Welcome to the new Logpoint documentation portal! Can’t find what you’re looking for?
Visit the old documentation portal.arrow-up-right
search

Explore and Analyze Citrix Events

After Citrix logs are ingested:

  • View events in real time through Dashboards.

  • Set up Reports to summarize and track events over time.

  • Use Labels for mapping Citrix NetScaler events to Logpoint labels

Refer to Log Reference for log samples, field mappings, and labels, which provide essential context for understanding the structure and meaning of the Citrix events.

hashtag
Dashboards

hashtag
LP_Citrix NetScaler Dashboard

The LP_Citrix NetScaler dashboard provides centralized visibility into normalized Citrix NetScaler logs, enabling monitoring of authentication activity, application access, web traffic patterns, and security-related events for investigation and analysis.

chevron-rightAdding the Citrix Dashboardhashtag

  1. Navigate to Settings >> Knowledge Base >> Dashboard.

  2. Select VENDOR DASHBOARD from the dropdown.

  3. Click the Use icon under Actions.

  4. Click Choose Repos.

  5. Select the repository configured for CloudTrail logs and click Done.

  6. In Ask Repos, select the dashboard and click Ok.

The dashboard will appear under Dashboards. You can view details about each widget by clicking the Info icon.

hashtag
Reports

hashtag
LP_Citrix NetScaler Report

The LP_Citrix NetScaler report provides predefined reports, enabling users to gain visibility into traffic patterns, authentication activity, system events, and potential security incidents.

chevron-rightGenerating Citrix Reportshashtag

  1. Go to Reports >> Reports Templates.

  2. Select VENDOR REPORT TEMPLATES from the dropdown.

  3. Click the plus icon in Actions.

  4. Click the Run This Report icon.

  5. Select Repos, Time Zone, Time Range, and Export Type.

  6. Enter Email.

  7. Click Submit.

hashtag
Citrix Labels

The labels available in LP_Citrix NetScaler are:

Category

Labels

ICASTART

Application, Up

FILE_REQUEST

File, Request

ZEBOS_CMD_EXECUTED

Command, Execute

SSL_CERT_EXPIRY_IMMINENT

SSL, Certificate, Expire, Warning

SSL_HANDSHAKE_ISSUERNAME

SSL, Handshake

SSL_HANDSHAKE_SUCCESS

SSL, Handshake, Successful, New

SSL_HANDSHAKE_FAILURE

SSL, Handshake, Fail

SSL_CRL_UPDATE_FAILURE

Certificate, Revoke, List, Update, Fail

SSL_CRL_UPDATE_SUCCESS

Certificate, List, Update, Successful

MONITORUP

Monitor, Up

DEVICEUP

Device, Up

DEVICEDOWN

Device, Down

MONITORDOWN

Monitor, Down

DEVICEOFS

Device, Unavailable

CONN_DELINK

TCP, Connection, Terminate

CONN_TERMINATE

TCP, Connection, Terminate

OTHERCONN_DELINK

TCP, Connection, Terminate

CMD_EXECUTED

Command, Execute

LOGIN_FAILED

User, Login, Fail

LOGIN

User, Login, Successful

LOGOUT

User, Logoff

HTTP_RESOURCEACCESS_DENIED

Resource, Access, Deny

NONHTTP_RESOURCEACCESS_DENIED

Resource, Access, Deny

TCPCONNSTAT

Connection, Notice

ICAEND_CONNSTAT

Connection, Notice

CLISEC_EXP_EVAL

Application, Notice

EXTRACTED_GROUPS

Application, Notice

HTTPREQUEST

Application, Request

REMOVE_SESSION

Session, Delete

UDPFLOWSTAT

UDP, Notice

TCPCONN_TIMEDOUT

TCP, Connection, Timeout

REMOVE_SESSION_DEBUG

Session

TRAP_SENT

SNMP, Trap, Information, Send

CS

User, Login, Successful

PB_SYSTEM_RESTART

System, Restart

PB_PROCESS_RESTART

Process, Restart

APPFW_STARTURL

Illegal, URL

APPFW_XSS

Block

Last updated

Was this helpful?