Ingest Logs

Prerequisite

Logpoint: v7.4.0 or later

Install Citrix
  1. Download the .pak file from the Marketplace.

  2. Go to Settings >> System Settings from the navigation bar of Logpoint.

  3. Click Applications.

  4. Click Import.

  5. Browse to the downloaded .pak file.

  6. Click Upload.

After installation, verify that the integration appears under Settings >> System Settings >> Plugins.

Configure Citrix

You can configure Citrix using one of two methods:

  1. Log Source Template (recommended), which provides a centralized interface for all integrations and minimizes setup requirements

  2. Devices

Method 1: Configure via Log Source Template

  1. Go to Settings >> Log Sources in the navigation bar and click Add Log Source.

  2. Click the Netscaler log source template.

  3. Enter the Device Addresses.

  4. Click Routing.

  5. Select Repo from the drop-down or create a repo.

  6. Click Create Log Source to save the configuration.

Method 2: Configure via Devices

Configuring a Repo
  1. Go to Settings >> Configuration in the navigation bar, then click Repos.

  2. Click Add.

  3. Enter a Repo Name.

  4. Select a Repo Path to store incoming logs.

  5. Set a Retention Day to keep logs in a repository before they are automatically deleted. You can add and remove multiple Repo Paths and Retention Days.

  6. Select a Remote LogPoint and set an Available for (day).

  7. Click Submit.

Adding a Normalization Policy
  1. Go to Settings >> Configuration in the navigation bar, then click Normalization Policies.

  2. Click Add.

  3. Enter a Policy Name.

  4. Select the Citrix Compiled Normalizer and Normalization Packages.

  5. Click Submit.

Configuring a Processing Policy
  1. Go to Settings >> Configuration from the navigation bar and click Processing Policies.

  2. Click Add.

  3. Enter a Policy Name.

  4. Select the previously created normalization policy.

  5. Select the Enrichment Policy.

Adding Citrix as a Device in Logpoint
  1. Go to Settings >> Configuration in the navigation bar, then click Devices.

  2. Click Add.

  3. Enter a device Name.

  4. Enter the Citrix server IP address(es).

  5. Select the Device Groups.

  6. Select an appropriate Log Collection Policy for the logs.

  7. Select a collector or a forwarder from the Distributed Collector drop-down.

Note: It is optional to select the Device Groups, the Log Collection Policy, and the Distributed Collector.

  8. Select a Time Zone. The device's time zone must match its log source.

  9. Configure the Risk Values for Confidentiality, Integrity, and Availability used to calculate the risk levels of the alerts generated from the device.

  10. Click Submit.

Configuring the Syslog Collector for Citrix
  1. Go to Settings >> Configuration from the navigation bar and click Devices.

  2. Click the Add icon from the Actions of the previously added device.

  3. Click Syslog Collector.

  4. Select Syslog Parser as Parser.

  5. Select the previously created Processing Policy.

  6. Select the Charset.

  7. In Proxy Server, select None.

  8. Click Submit.

Verify Ingestion

Check Log Ingestion

Use the following query to verify Citrix logs are being ingested and normalized:

Verify Data Flow

  1. Monitor Log Volume: Verify expected log volumes are being processed.

  2. Validate Normalization: Confirm logs are correctly parsed and normalized using the Compiled Normalizer and Normalization Packages.
