Product documentation
Citrix Virtual Apps and Desktops
Current Release Service 2507 LTSR 2411 2407 2402 LTSR 2311 2203 LTSR
View PDF

Viewing and Using AOT Logs

December 10, 2025
Contributed by: 
C

Accessing Logs via Director UI

Step1

Edit the StartLogServer.bat file

The StartLogServer.bat file contains all configuration parameters used to start the AOT Log Server container, including several environment variables that control log access and behavior. One of the key settings is LOCAL_DOWN_ONLY.

  • When LOCAL_DOWN_ONLY=false, the Log Server accepts remote log-viewing requests. This allows Citrix Director/Monitor to connect to the Log Server and display AOT logs directly in the Monitor UI.

  • When LOCAL_DOWN_ONLY=true, the Log Server restricts log access to local-only connections. In this mode, you must connect directly to the Log Server machine to view logs, and Citrix Director Monitor will not be able to retrieve or display logs.

AOT bat file

Step 2

Web Studio provides a dedicated setting that allows Citrix Director to connect to the AOT Log Server and display logs in the Monitor console. Once the Web Studio settings are saved, the Delivery Controllers update the site configuration, and Director receives the log server details, including the log server address, port, and authentication key. The director uses these settings to establish a secure connection to the Log Server.

Step 3

After configuration:

  1. Open Citrix Director.
  2. A new Logs option appears in the left navigation panel.
  3. Select Logs and you will see the Get Started page, click on Close to skip it, as we have completed these settings earlier.
  4. Now, you will see the Director retrieving and displaying AOT logs directly from the Log Server.

Citrix Director

The Logs page in Director provides a unified view of AOT events from Delivery Controllers, VDAs, StoreFront servers, and other Citrix components. You can search, filter, and inspect logs in real time to troubleshoot issues quickly.

Free-text search: At the top of the Logs page, you’ll find a free-text search bar. You can type any keyword to begin narrowing down the results. The search updates the results instantly once you apply filters. Examples include:

  • Usernames
  • Machine names
  • Event keywords (for example, registration, authentication, STA)
  • Transaction IDs
  • Error messages or partial strings

Time filter: Use the time selector (for example, Last 5 minutes, Last 1 hour, Last 24 hours) to view logs generated within a specific duration. This helps you quickly isolate events around the exact time an issue occurred.

Category filter: The Category field lets you filter logs based on the type of event or subsystem. This helps you focus on logs related to Application launch, Registration, VDA configuration, Graphics, HDX Direct, ICA connection, etc.

Log Class filter: The Log Class filter groups logs by severity or event type. This lets you focus only on errors or important events when troubleshooting. Common classes include:

  • Information
  • Warning
  • Error
  • Failure

Hostname filter: The Hostname filter lets you select a specific machine — such as a VDA, Delivery Controller, CWA, or StoreFront server. This is useful when you want to drill into logs for a single endpoint or VM instead of searching across the entire deployment.

This centralized access streamlines troubleshooting by allowing for quick log retrieval and analysis from a single console. Learn more about the prerequisites and getting started in Director - Logs.

Accessing Logs via Log Server

The following content is Generate the AuthKey. To enable the access to logs, user needs

  1. Modify the StartLogServer.bat script LOCAL_DOWN_ONLY=false

  2. Generate the AuthKey

To keep your logs secure, you’ll need an AuthKey before downloading them. Here’s what to do:

  1. Get your AuthKey – Use your own role-name/name to generate it.
  2. Run locally – Scripts can only run on the machine where the Docker container is installed.
  3. Windows users – Use the GetAuthKey.bat scripts instead of shell scripts.
  4. Download logs – Once authenticated, you can safely retrieve your logs.

Generate the AuthKey

For Linux 

./GetAuthKey.sh role-name
{"key":"ebac9b7726cb4be597c92c6769134d25","role":"role-name","status":"DONE"}
<!--NeedCopy-->

For Windows 

GetAuthKey.bat role-name
{"key":"ebac9b7726cb4be597c92c6769134d25","role":"role-name","status":"DONE"}
<!--NeedCopy-->

Save the key: ebac9b7726cb4be597c92c6769134d25 by yourself. It’s the only way to get the key.

List machine names that have already sent their AOT logs to the logserver

The parameter is the key get from GetAuthKey.sh

For Linux 

./ListMachines.sh ebac9b7726cb4be597c92c6769134d25
{"machines":["MachineName"]}
<!--NeedCopy-->

Empty machines means that there has no log

For Windows 

ListMachines.bat ebac9b7726cb4be597c92c6769134d25
{"machines":["MachineName"]}
<!--NeedCopy-->

For windows powershell when LogServer starts with “-e LOCAL_DOWN_ONLY=false”:

Invoke-WebRequest -Uri "https://logserver_fqdn:8443/ctxlogserver/Download/ListMachine" -Headers @{ AuthKey = "ebac9b7726cb4be597c92c6769134d25" }
<!--NeedCopy-->

Replace logserver_fqdn with logserver real FQDN, and 8443 with logserver real port. Replace https with http when installed in http mode.

Empty machines means that there has no log

Download logs by Machine name and Time range.

Time is in UTC format:YYYY-mm-ddTHH:MM:SSZ.

#Usage: ./DownloadLogsByTime.sh [AuthKey] [MachineName] [StartTime|YYYY-mm-ddTHH:MM:SSZ] [EndTime|YYYY-mm-ddTHH:MM:SSZ] [OutputFile]
#Example:
<!--NeedCopy-->

For Linux 

./DownloadLogsByTime.sh ebac9b7726cb4be597c92c6769134d25 MachineName 2025-01-01T00:00:00Z 2025-01-02T00:00:00Z logs.csv
<!--NeedCopy-->

For Windows 

DownloadLogsByTime.bat ebac9b7726cb4be597c92c6769134d25 MachineName 2025-01-01T00:00:00Z 2025-01-02T00:00:00Z logs.csv
<!--NeedCopy-->

For windows powershell when LogServer starts with “-e LOCAL_DOWN_ONLY=false”:

Invoke-WebRequest -Uri "https://logserver_fqdn:8443/ctxlogserver/Download/TimeRange?start=2025-01-01T00:00:00Z&end=2025-01-02T00:00:00Z" -Headers @{ AuthKey = "ebac9b7726cb4be597c92c6769134d25" } -OutFile logs.csv
<!--NeedCopy-->

Download logs by keyword/s filter. Time is in UTC format

Note:

  • A keyword can be a single word or a combination of words.
  • Keywords can match anywhere within the log message.
  • A Transaction ID can also be used as a keyword.
#Usage: ./DownloadLogsByWords.sh [AuthKey] [StartTime|YYYY-mm-ddTHH:MM:SSZ] [EndTime|YYYY-mm-ddTHH:MM:SSZ] [SearchWords] [OutputFile]
#Example:
<!--NeedCopy-->

For Linux 

./DownloadLogsByWords.sh authkey 2025-01-01T00:00:00.000Z 2025-12-31T23:59:59.999Z "session launch" logs.csv
<!--NeedCopy-->

For Windows 

DownloadLogsByWords.bat authkey 2025-01-01T00:00:00.000Z 2025-12-31T23:59:59.999Z "failed vda" logs.csv
<!--NeedCopy-->

For windows powershell when LogServer starts with “-e LOCAL_DOWN_ONLY=false”:

Invoke-WebRequest -Uri "https://logserver_fqdn:8443/ctxlogserver/Download/SearchLog?start=2025-01-01T00:00:00Z&end=2025-01-02T00:00:00Z&words=failed vda" -Headers @{ AuthKey = "ebac9b7726cb4be597c92c6769134d25" } -OutFile logs.csv
<!--NeedCopy-->

Words are separated by space

Viewing and Using AOT Logs
December 10, 2025
Contributed by: 
C
December 10, 2025
Contributed by: 
C

In this article

Site feedback | Your privacy choices footer linkYour Privacy Choices | Privacy and legal terms | Cookie preferences | Consent settings | docs.cloud.com
© 1999- Cloud Software Group, Inc. All rights reserved.