Self-service search for Gateway

Use the self-service search feature to get insight into the user events received from the Citrix Gateway data source. When users access their network resources such as file servers, applications, websites through Citrix Gateway, events such as authentication stage, authorization type, VPN session code, VPN session state are generated for each user connection. These events are sent to Analytics and you can view them on the self-service search page.

For more information on the search functionalities, see Self-service search.

Select the Gateway data source

To view the Gateway events, in the search box, select Gateway from the list. Select the time period for which you want to view the events and then click Search.

Select gateway data

By default, the self-service page displays the events for the last one month. The page also provides you with several facets and a search box to filter and focus on the required events.

Gateway overview page

Use the facets to filter events

The facets are categorized based on the events received from your data source. Use the following facets to filter your events:

Gateway facets

  • Authentication Stage- Search events based on different stages of client authentication such as primary, secondary, and tertiary.

  • Authentication Type- Search events based on the client authentication types such as Local, RADIUS, LDAP, TACACS, client certificate authentication including smart card authentication.

  • Device Agent- Search events based on the client devices such as iPhone, iPad, Windows Mobile.

  • Event Type- Search events based on the types of VPN records. Following VPN record types are available:

    Record type Record name
    VPN_AI Authentication record
    VPN_SU Session Update record
    VPN_ST Session Logout record
    VPN_AF Application Launch Failure record
  • Browser- Search events based on the browsers such as Internet Explorer, Chrome, Firefox, Safari.

  • OS- Search events based on the client operating systems such as Windows, Mac, Linux, Android, iOS.

  • Status Code- Search events based on the VPN status codes such as SSL redirect response failure, authorization failure, single sign-on failed.

  • Session State- Search events based on the VPN session states such as client state, authorization state, SSO state, application bandwidth update.

  • Session Mode- Search events based on the VPN session modes such as Full tunnel, ICA Proxy, Clientless.

  • SSO Authentication Method- Search events based on different methods of single sign-on authentication such as basic, digest, NTLM, Kerberos, AG basic, form-based SSO.

  • Logout Mode- Search events based on the VPN logout modes such as internal error logout, session time-out logout, user-initiated logout, administrator terminated session.

For example, you want to view the events where LDAP is used as the primary authentication type. Select Primary in the Authentication Stage facet and select LDAP in the Authentication Type facet. Select the time period and click Search to view the events.

Gateway facet selection

Specify search query to filter events

Place your cursor in the search box to view the list of dimensions for the Gateway events. Use the dimensions to specify your query and search for the required events.

Gateway dimension list

You can also use operators in your search query to expand your search criteria and get the required result. For more information on the valid operators, see Use search query in the search box to filter events.

For example, you want to view the events for a user “ns133” where the VPN status code is “successful login”.

  1. Enter “user” in the search box to choose the related dimension.

    Gateway search query 1

  2. Select User-Name and enter the value “ns133” using the equal operator.

    Gateway search query 2

    Gateway search query 3

  3. Select the AND operator and then select the Status Code dimension. Enter the string “Successful login” for Status Code using the equal operator.

    Gateway search query 4

    To identify the possible string values for Status Code, expand the Status Code filter list and use the filter name as the string in your search query.

    Status code values

  4. Select the time period and click Search to view the events on the DATA table.