Logo
Sign in
  1. Logpoint Service Desk
  2. Products Hub
  3. Marketplace
app-115003788389.png

Citrix

Citrix enables you to collect and normalize Citrix logs and lets you analyze the information through the LP_Citrix NetScaler dashboard. The dashboard visualizes users successful/failed logins, accessed applications, HTTP Requests and data utilizations. You can customize it to perform in-depth analysis by changing the data used in a search.

Release Details
Version:5.4.0
Release date: April 26, 2024
Supported On: Logpoint v7.4.0 or later for log source template
Documentation: Citrix guide
SHA 256: 219d8fb1ab0347a7eede1c3baf580fc663aa1c4e916d5288e4696e9871a1ec9b
Download

 

 

 

 

 

 

 

 

 

Key Information

You can configure a date format for CitrixNetScalerCompiledNormalizer and CitrixADCCompiledNormalizer using CNDP. 

Enhancements

Description Issue ID Reference ID
Added Syslog Collector based Netscaler log source template, simplifying the log source configuration process. To learn more, go to Creating Log Source via a Template. KB-22640 -

Added CompiledNormalizer Date Preference (CNDP) support to CitrixNetScalerCompiledNormalizer, ensuring consistent date format in normalized CitrixNetScaler logs. Go to CNDP to learn how to configure it.

 KB-24430 -

For Netscaler login logs when normalized by CitrixNetScalerCompiledNormalizer:

  • Added the Successful label and success as the Status field value for a successful login logs. 
  • Added the Failed label and failed as the Status field value for a failed login logs. The reason field maps the status field value of the raw log. 
 KB-22821 78618 

Bug Fix

Description Issue ID Reference ID
Some CitrixNetScaler logs were not correctly normalized by LP_Citrix NetScaler, LP_Citrix Secure Gateway, LP_Citrix XenDesktop, LP_Citrix XenMobile, LP_Citrix SDWAN
CitrixNetScalerCompiledNormalizer and CitrixADCCompiledNormalizer. 		KB-24789, KB-22265, KB-22211 77791, 77528, 77609 

Past Releases

Citrix v5.3.0

Release Date: September 19, 2023

Supported On: Logpoint v6.7.0 and later

Download: Citrix_5.3.0.pak

SHA256: 8f468480a2373e6685cca778931d021bd8525182a0ecc7acb3790d081e49fcb8

Enhancements

Description
Issue ID
Zendesk Support ID
Added a new CitrixADCCompiledNormalizer to support Citrix ADC WebApp logs. KB-19323 71417

CitrixNetScalerCompiledNormalizer is now made configurable to select a date format (European or American). 

 KB-20318 -
The log_ts field is now normalized by CitrixNetScalerCompiledNormalizer.  KB-19092 70972
Added new signatures in CitrixNetScalerCompiledNormalizer to support the Citirix Netscalar ADC logs. KB-19761 72159 

Bug Fixes

The following issues are fixed: 

Description
Issue ID
Zendesk Support ID

Some Citrix and Citirix Netscaler logs were not correctly normalized by LP_Citrix NetScaler, LP_CitrixSDWAN, LP_CitrixSecure Gateway, LP_CitrixXenDesktop, CitrixNetscalerCompiledNormalizer and LP_CitrixXenMobile.

 KB-17854, KB-20469, KB-20205 73609, 72766 
The source_address field was not properly normalized by LP_Citrix Netscaler.  KB-19918 72466

Citrix v5.2.0

Release Date: April 04, 2022

Supported On: Logpoint v6.7.4 and later

Download: Citrix_5.2.0.pak

SHA256: 2f0b4eee46e7bd3ad023c12fc14c375d8f9b3bc767dc290e27c99de9f28cd52f

Enhancements

Description
Issue ID
Zendesk Support ID
Added CitrixNetScalerCompiledNormalizer to normalize the Citrix logs previously normalized by normalization packages. KB-16104 -

Made the following changes in the Citrix Netscalar logs to make them compatible for LogPoint UEBA:

  • Added the VPN label.

  • Added the status field.

 KB-15732 62694
Added new signatures in LP_Citrix NetScaler to support the Citirix Netscalar logs. KB-15714 62904
Updated signatures in LP_Citrix NetScaler to support the Citrix Netscalar logs new format. KB-15714, KB-14052 62904, 59111

Bug Fixes

The following issues are fixed: 

Description
Issue ID
Zendesk Support ID
Some Citrix SSLVN logs were not properly normalized by LP_Citrix NetScaler
 KB-15726 62859
The user and log_ts fields were not properly normalized in some Citrix logs. KB-10129, KB-15273 -

Citrix v5.0.1

Enhancement

The following enhancements have been made in the normalization package LP_Citrix NetScaler:  

  • The signature ID's 29066, 29094, 29097, 29099, 29100, 29101, 29102, and 29103 have been enhanced and new signatures have been added to normalize the NetScaler logs.
  • The signature ID 29040 has been deactivated. 
  • The signature ID 29064 has been updated to correctly capture the value for the field policy.
  • The signature ID 29053  has been updated to correctly capture the value for the field protocol_version by adding a space separator between the field protocol_version and its value.
  • The signature ID 29091 has been updated to capture the value of the type string for the field protocol_version.
  • The signature ID 29009 has been updated to capture the LOGIN_FAILED event as category to maintain consistency across the normalization package.

Bug Fix

An issue where some of the Citrix NetScaler logs were not normalized by the normalization package LP_Citrix NetScaler has been resolved.

 

Support

If you have any queries or require assistance, create a support ticket.

  • app-115003788389.png (10 KB)

Comments

  • Avatar
    Michael Sorgenfrei Nielsen
    August 18, 2017 10:22

    Dashboard package as shown in the screenshot. Where is the screeshot.

    Comment actions Permalink
  • Avatar
    Permanently deleted user
    August 31, 2018 07:05

    Hi!
    It doesnt normalize the logs. Still just text. And dashboards show nothing.
    I have the logs and everything works fine with getting the logs to logpoint. But the normalization does not work.

    Comment actions Permalink

Article is closed for comments.

Follow

Related articles

  • Cyberoam
  • Panda Antivirus
  • Lookup
  • Template injection in Search Template
  • CrowdStrike
Privacy policy    EULA    Terms of service   
Copyright © , Logpoint. All rights reserved.