When you configure your Citrix NetScaler to send log data to USM Appliance, you can use the Citrix NetScaler plugin to translate raw log data into normalized events for analysis. The table below provides some basic information for the plugin.
| Device | Details |
|---|---|
| Vendor | Citrix |
| Device Type | Load Balancer |
| Connection Type | Syslog |
| Data Source Name | citrix-netscaler |
| Data Source ID | 1678 |
Integrating Citrix NetScaler
Before you configure the Citrix NetScaler integration, you must have the IP Address of the USM Appliance Sensor.
To configure Citrix NetScaler to send log data to USM Appliance
- Log in to NetScaler and select Configuration from the top menu.
- In the navigation pane, expand the System node then the Auditing node.
- Click Syslog.
-
In the right pane, add a new auditing server
- On the Servers tab, click Add.
- In the Auditing Type field, SYSLOG is selected by default.
- In IP Address, enter the IP address of the USM Appliance Sensor.
- In Port Number, enter 514.
- In Log Levels, select All.
- From the Log Facility list, select the appropriate facility.
- In Date Format, choose MMDDYYYY.
- For Time Zone, select GMT.
-
Select TCP Logging or ACL Logging.
Note: LevelBlue supports both options, but TCP Logging uses fewer resources.
- Click Create.
-
Add a policy for the new auditing server
- On the Policies tab, click Add.
- In the Auditing Type field, SYSLOG is selected by default.
- In Server, select the server created in Step 4.
- Click Create.
-
Bind the policy globally
- On the Policies tab, click Action and select Classic Policy Global Bindings.
- Select the policy created in Step 5.
- Click Bind and then Done.
Plugin Enablement
For plugin enablement information, see Enable Plugins.
Troubleshooting
For troubleshooting, refer to the vendor documentation:
Feedback