Citrix

Produktdokumentation



Ganzes Dokument herunterladen

Monitoring NetScaler Gateway Syslog Events

Dec. 18, 2015

You can use the Command Center dashboard to view graphical reports of NetScaler Gateway user sessions. The reports are based on parameters such as session access, ICA applications accessed, bandwidth usage, client type usage, EPA scan failures, and log in failures. NetScaler Gateway log messages also provide information about these parameters.

Using the Dashboard

Use the dashboard to monitor usage reports of the NetScaler Gateway devices. By default, you can view daily usage reports on the basis of various parameters.
To monitor the NetScaler Gateway syslog events dashboard
  1. On the Reporting tab, in the navigation pane, expand NetScaler Gateway, and then click Dashboard or, in the details pane, click the Dashboard icon.
  2. In the details pane, under Dashboard, you can view the following graphical reports:
    • Top 10 users by session: Displays the top ten users accessing applications through NetScaler Gateway. The report is based on the number of sessions for each user.
    • Top 10 ICA applications by user access. Displays the top ten ICA applications accessed by the users.
    • Top 10 users by bandwidth . Displays the top ten users in terms of bandwidth consumption across NetScaler Gateway sessions.
    • Client type usage. Displays the distribution of the NetScaler Gateway usage by client type (for example, e.g. Clientless VPN, Java, ICA, Agent.)
    • Top 10 users by EPA scan failures. Displays the top ten users whose devices failed to comply with the Citrix End Point Analysis (EPA) policy configured on NetScaler Gateway.

      Citrix Endpoint Analysis scans a user device and detects information such as the presence and version level of operating system, antivirus, firewall, or browser software. Use Citrix Endpoint Analysis to verify that the user device meets your requirements before you allow it to connect to your network. You can monitor files, processes, and registry entries on the user device throughout the user session to ensure that the device continues to meet requirements.

    • Top 10 users by failed attempts. Displays the top ten users experiencing failed login attempts. This report can help identify a breach to the VPN access.
  3. To view usage reports in the last 24 hours, or last one week, or last two weeks, select the required time period from the drop-down menu in the Dashboard.
  4. Click the graph to drill down and view the details on the Reports page.

Viewing Recent Log Messages

Updated: 2014-04-16

You can view the details of the NetScaler Gateway log messages when a message is generated on usage parameter.
To view the recent NetScaler Gateway Log Messages
  1. On the Reporting tab, expand NetScaler Gateway in the navigation pane and then click Recent Logs. Alternately, click Recent Logs icon in the right pane.
  2. In the right pane, under Recent Logs, you can view the following details for each of the message:
    • Date : Specifies the date and time when the event occurred.
    • Source : Specifies the IP address, the system name, or the host name of the NetScaler Gateway device for which the message was generated.
    • Event ID : Specifies the unique identification number of every NetScaler Gateway syslog.
    • Description : Specifies the message that is generated on the device when the event occurs. The message describes the type of event.

Configuring Views

You can add views to monitor specific types of NetScaler Gateway log messages based on parameters such as session access, ICA applications accessed, bandwidth usage, client type usage, EPA scan failures, and logon failures. Views make it easier to monitor data on NetScaler Gateway user sessions.

The views you create are associated with your Command Center user account.

Adding Views

You can create different views for various types of NetScaler Gateway log messages that are generated on the devices monitored in the Citrix network.

To add views to monitor NetScaler Gateway logs

  1. On the Reporting tab, in the left pane, under NetScaler Gateway, expand Recent Logs, and then click Views.
  2. In the right pane, under Views, click Add.
  3. Under Create Recent Logs View, fill the following details.
    • Name: The user-defined view name. Type a name for the NetScaler Gateway log view.
    • Devices: The IP address of the device on which the log is generated. Select the IP addresses of the devices for which you want to create the view.
    • Type: The type of NetScaler Gateway log types generated on the devices, such as LOGIN,LOGOUT,ICASTART,TCPCONNSTAT, HTTPREQUEST and others. Select the types for which you want to create the view.
    • User Name: Type the name of the profile for which you want to create the view.
    • Client IP: The client IP that the client used to connect to your Web server. Type the IP address of the client based on which you want to create the view.
    • Vserver: Type the virtual server details.
    • Client Type: Select the client type, such as Java, Agent, Clientless, ICA, or Mac.
    • Message: The log message that is generated. Select the operator, such as equals, not equals, and then type the message for which you want to create the view. Note that the message should be exactly the same as it is generated on the NetScaler device.
    • ICA Application Name: Type the ICA application that you want to access.
    • From Date and To Date: The date range when the syslogs are generated. Select the range for which you want to create the view.

Modifying Views

Updated: 2014-04-16

Use the Modify View option to modify the NetScaler Gateway views you have created.

To modify views to monitor AppFirewall logs

  1. On the Reporting tab, in the left pane, under NetScaler Gateway, expand Recent Logs, and click Views.
  2. In the right pane, under Views, click the view name you want to modify.
  3. In the right pane, click Edit.
  4. Under Configure Recent Log View, modify the values you want to change, and then click OK.

Discarding NetScaler Gateway Syslogs

Updated: 2015-03-18

A large number of syslog records can occupy an excessive amount of the Command Center server space. If you do not want the Command Center server to store obsolete syslog records generated by NetScaler Gateway devices, you can create a NetScaler Gateway filter that discards those records.

After you create the filter, the Command Center server discards the syslogs that meet the criteria you specified.

To create a NetScaler Gateway Syslog
On the Reporting tab, in the left pane, expand NetScaler Gateway, click Filters, then click Add, and specify the filter criteria.
Back to Top