To ensure optimal uptime for app access and connectivity, you should monitor the following core components in the Endpoint Management environment.
Admin and user audit logs
The following list describes the different types of log files available in Endpoint Management:
Admin audit log file: Contains audit information about activity on the Endpoint Management console.
Note: The same format is used for both admin audit and user audit logs.
With the exception of required Date and Timestamp values, all other attributes are optional. Optional fields are represented with “ “ in the message.
<date> <timestamp> "<username/id>" "<sessionid>" "<deviceid>" "<clientip>" "<action>" "<status>" "<application name>" "<app user id>" "<user agent>" "<details>"
The following table lists the available admin audit log events:
|Admin Audit Log Messages for events||Status|
|Delete certificate chain||success/failure|
|Add certificate chain||success/failure|
|Update config settings||success/failure|
|Update workflow email||success/failure|
|Add Active Directory||success/failure|
|Update Active Directory||success/failure|
|Update log server||success/failure|
|Transfer log from log server||success/failure|
|Update receiver updates||success/failure|
|Update time server||success/failure|
|Add service record||success/failure|
|Update service record||success/failure|
|Update receiver email||success/failure|
|Fetch app store app details||success/failure|
|Update SSL offload||success/failure|
|Add account property||success/failure|
|Delete account property||success/failure|
|Update account property||success/failure|
User audit log file: Contains information related to the user activity from enrolled devices.
The same format is used for both user audit and admin audit logs.
With the exception of required Date and Timestamp values, all other attributes are optional. Optional fields are represented with “ “ in the message. For example,
<date> <timestamp> " <username/id>" "<sessionid>" "<deviceid>" "<clientip>" "<action>" "<status>" " <application name>" "<app user id>" "<user agent>" "<details>"
The following table lists the available user audit log events:
|User Audit Log Messages for events||Status|
|SAML Token for ShareFile||success/failure|
|User initiated change password||success/failure|
|Mobile client download||success/failure|
|Cab auto install||success/failure|
|Cab shell install||success/failure|
|Cab create folder||success/failure|
|Cab file get||success/failure|
|File create folder||success/failure|
|Script create folder||success/failure|
|Script shell execution||success/failure|
|Script auto execution||success/failure|
|APK shell install||success/failure|
|APK auto install||success/failure|
|APK create folder||success/failure|
|APK file get||success/failure|
|Remove unmanaged application||success/failure|
|Remove unmanaged profile||success/failure|
|Apply redemption code||success/failure|
|Enable tracking device||success/failure|
|App management policy||success/failure|
|SD card wipe||success/failure|
|Encrypted email attachment||success/failure|
|Container password reset||success/failure|
|AG client auth creds||success/failure|
NetScaler also monitors the Endpoint Management web service state, which is configured with intelligent monitoring probes to simulate HTTP requests to each Endpoint Management server cluster node. The probes determine whether the service is online and then respond based on the response received. In the event that a node does not respond as expected, NetScaler marks the server as down. In addition, NetScaler takes the node out of the load-balancing pool and logs the event for use in generating alerts through the NetScaler monitoring solution.
You can also use standard hypervisor monitoring tools to monitor the Endpoint Management virtual machines and to provide relevant alerts regarding CPU, memory, and storage utilization metrics.
NetScaler provides the ability to log metrics to internal storage or to send logs to an external logging server. You can configure the syslog server to export NetScaler logs to your production Splunk logging servers. The following logging levels are available in NetScaler:
The log files are also stored in NetScaler storage in the /var/log/ns.log directory and named newnslog. NetScaler rolls over and compresses the files by using the GZIP algorithm. Log file names are newnslog.xx.gz, where xx represents a running number.