System Log (Technical Preview)
System Log and the SystemLog API are in Technical Preview. Citrix recommends using these features only in non-production environments.
The system log displays a timestamped list of events that occurred in Citrix Cloud. You can export these events as a CSV file to meet your organization’s regulatory compliance requirements or to support security analysis.
To view the system log, select System Log from the Citrix Cloud menu.
For more information about retention of data in system logs, see Data retention in this article.
The system log captures the following events:
- Adding, modifying, and removing administrators
- Creating and deleting secure clients
By default, the system log displays events that occurred in the last 30 days. The most recent events are displayed first.
The displayed list includes the following information:
- Date and time (UTC) when the event occurred.
- Actor that initiated the event, such as an administrator or secure client. Entries with the actor CwcSystem indicate that Citrix Cloud performed the operation.
- Brief description of the event, such as editing an administrator or creating a new secure client.
- Target of the event. The target is the system object that was impacted or changed as a result of the event, for example, a user who was added as an administrator.
To view events more than 30 days in the past, filter the list by selecting the time period you want to view and select View. You can view events that occurred up to 90 days in the past.
To retrieve older events that occurred during a time period that you specify, you can use the SystemLog API. For more information, see Retrieve events for a specific time period in this article.
You can export a CSV file of system log events that occurred up to the last 90 days. The name of the downloaded file follows the format of
- From the Citrix Cloud menu, select System Log.
- If needed, filter the list to display the time period for which you want to export events.
- Select Export to CSV and save the file.
The CSV file includes the following information:
- UTC timestamp of each event
- Details of the actor who initiated the event, including the name and actor ID.
- Event details such as the type of event and the text of the event
- Details of the target of the event, such as the target ID and the name of the administrator or secure client.
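The following Python is an added example, not part of the Citrix documentation: it replays an exported CSV and lists secure clients that were created but not deleted within the export, with who created each one and how many days remain before the 90-day retention removes the record. The column headers, timestamp format and event-type strings are assumptions (the page does not give them), and the sample rows are constructed.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Assumed headers, timestamp format and event-type strings; the page describes
# the CSV contents but not its column names, so map these to a real export.
TIME, ACTOR, TYPE, TARGET_ID, TARGET = (
    "UtcTimestamp", "ActorName", "EventType", "TargetId", "TargetName")
CREATED, DELETED = "SecureClientCreated", "SecureClientDeleted"
RETENTION = timedelta(days=90)  # retention period stated on this page

# Constructed sample export (not real data), newest first as the console lists events.
SAMPLE = """\
UtcTimestamp,ActorName,ActorId,EventType,EventText,TargetId,TargetName
2024-03-20T14:05:00Z,CwcSystem,sys,SecureClientCreated,Created secure client,sc3,provisioning
2024-03-10T08:30:00Z,alice@example.com,a1,SecureClientDeleted,Deleted secure client,sc1,test-client
2024-03-05T11:00:00Z,alice@example.com,a1,SecureClientCreated,Created secure client,sc2,siem-forwarder
2024-03-02T10:00:00Z,alice@example.com,a1,SecureClientCreated,Created secure client,sc1,test-client
2024-03-01T09:00:00Z,alice@example.com,a1,AdministratorAdded,Added administrator,u7,bob@example.com
"""
SAMPLE_NOW = datetime(2024, 5, 30, tzinfo=timezone.utc)  # constructed review date


def parse_utc(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def open_secure_clients(csv_text, now):
    """Secure clients created but never deleted within the export."""
    rows = sorted(csv.DictReader(io.StringIO(csv_text)),
                  key=lambda r: parse_utc(r[TIME]))  # replay oldest first
    live = {}
    for row in rows:
        if row[TYPE] == CREATED:
            live[row[TARGET_ID]] = row
        elif row[TYPE] == DELETED:
            live.pop(row[TARGET_ID], None)  # creation may predate the export
    findings = []
    for target_id, row in live.items():
        created = parse_utc(row[TIME])
        findings.append({
            "target_id": target_id,
            "name": row[TARGET],
            "created_by": row[ACTOR],
            "by_citrix_cloud": row[ACTOR] == "CwcSystem",
            # Whole days left before the 90-day retention drops the record.
            "days_until_purged": max(0, (created + RETENTION - now).days),
        })
    return findings
```

Calling `open_secure_clients(SAMPLE, SAMPLE_NOW)` returns the two secure clients still active in the sample; a small `days_until_purged` value marks creation records to archive before they leave the system log.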
Retrieve events for a specific time period
If you need to retrieve events for specific periods of time, you can use the SystemLog API. Before you use the API, you’ll need to create a secure client as described in Getting Started on the Citrix Developer Docs web site.
For more information about using the SystemLog API, see Citrix Cloud - SystemLog on the Citrix Developer Docs web site.
Forward system log events
The Citrix System Log Add-on for Splunk enables you to connect your Splunk instance with Citrix Cloud. With this connection, you can forward system log data to Splunk. For more information, see the add-on documentation in the Citrix repository in GitHub.
Add-ons for other security information and event management (SIEM) solutions such as Microsoft Azure Sentinel and IBM QRadar are not yet available. Please check the following resources periodically for updates on any development efforts and releases:
Data retention
Citrix shares responsibility with you, the customer, for retaining the system log data that Citrix Cloud captures.
Citrix retains system log records for 90 days after events are recorded.
You are responsible for downloading the system log records that you want to retain to meet your organization’s compliance requirements and for storing these records in a long-term storage solution.