Citrix
Citrix enables you to collect and normalize Citrix logs and lets you analyze the information through the LP_Citrix NetScaler dashboard. The dashboard visualizes users successful/failed logins, accessed applications, HTTP Requests and data utilizations. You can customize it to perform in-depth analysis by changing the data used in a search.
Enhancement
| Description | Issue ID | Reference ID |
|---|---|---|
| Citrix Netscaler compiled normalizer now supports parsing a subset of Syslog logs from Netscaler v14.1. |
PLUG-15929 PLUG-16417 |
88599, 88911, 89416, 89547, 88911, 89416, 89547 |
Bug Fixes
| Description | Issue ID | Reference ID |
| After upgrading to Logpoint v7.5.0, the CitrixADCCompiledNormalizer encountered compatibility issues due to a deprecated regex pattern, preventing the normalizer from functioning correctly. |
PLUG-15845 |
88163, 88911 85680 |
| In some cases, CitrixNetscaler logs were not normalized. | PLUG-13285 | 85680 |
| CitrixNetscalerCompiledNormalizer logs were stored with incorrect timestamps because the normalizer used the event’s Start Time rather than the Syslog header for log_ts. | PLUG-16505 | 89396 |
Past Releases
Citrix v5.4.0
Key Information
You can configure a date format for CitrixNetScalerCompiledNormalizer and CitrixADCCompiledNormalizer using CNDP.
Enhancements
| Description | Issue ID | Reference ID |
|---|---|---|
| Added Syslog Collector based Netscaler log source template, simplifying the log source configuration process. To learn more, go to Creating Log Source via a Template. | KB-22640 | - |
|
Added CompiledNormalizer Date Preference (CNDP) support to CitrixNetScalerCompiledNormalizer, ensuring consistent date format in normalized CitrixNetScaler logs. Go to CNDP to learn how to configure it. |
KB-24430 | - |
|
For Netscaler login logs when normalized by CitrixNetScalerCompiledNormalizer:
|
KB-22821 | 78618 |
Bug Fix
| Description | Issue ID | Reference ID |
| Some CitrixNetScaler logs were not correctly normalized by LP_Citrix NetScaler, LP_Citrix Secure Gateway, LP_Citrix XenDesktop, LP_Citrix XenMobile, LP_Citrix SDWAN CitrixNetScalerCompiledNormalizer and CitrixADCCompiledNormalizer. |
KB-24789, KB-22265, KB-22211 | 77791, 77528, 77609 |
Citrix v5.3.0
Release Date: September 19, 2023
Supported On: Logpoint v6.7.0 and later
Download: Citrix_5.3.0.pak
SHA256: 8f468480a2373e6685cca778931d021bd8525182a0ecc7acb3790d081e49fcb8
Enhancements
|
Description
|
Issue ID
|
Zendesk Support ID
|
|---|---|---|
| Added a new CitrixADCCompiledNormalizer to support Citrix ADC WebApp logs. | KB-19323 | 71417 |
|
CitrixNetScalerCompiledNormalizer is now made configurable to select a date format (European or American). |
KB-20318 | - |
| The log_ts field is now normalized by CitrixNetScalerCompiledNormalizer. | KB-19092 | 70972 |
| Added new signatures in CitrixNetScalerCompiledNormalizer to support the Citirix Netscalar ADC logs. | KB-19761 | 72159 |
Bug Fixes
The following issues are fixed:
|
Description
|
Issue ID
|
Zendesk Support ID
|
|---|---|---|
|
Some Citrix and Citirix Netscaler logs were not correctly normalized by LP_Citrix NetScaler, LP_CitrixSDWAN, LP_CitrixSecure Gateway, LP_CitrixXenDesktop, CitrixNetscalerCompiledNormalizer and LP_CitrixXenMobile. |
KB-17854, KB-20469, KB-20205 | 73609, 72766 |
| The source_address field was not properly normalized by LP_Citrix Netscaler. | KB-19918 | 72466 |
Citrix v5.2.0
Release Date: April 04, 2022
Supported On: Logpoint v6.7.4 and later
Download: Citrix_5.2.0.pak
SHA256: 2f0b4eee46e7bd3ad023c12fc14c375d8f9b3bc767dc290e27c99de9f28cd52f
Enhancements
|
Description
|
Issue ID
|
Zendesk Support ID
|
|---|---|---|
| Added CitrixNetScalerCompiledNormalizer to normalize the Citrix logs previously normalized by normalization packages. | KB-16104 | - |
|
Made the following changes in the Citrix Netscalar logs to make them compatible for LogPoint UEBA:
|
KB-15732 | 62694 |
| Added new signatures in LP_Citrix NetScaler to support the Citirix Netscalar logs. | KB-15714 | 62904 |
| Updated signatures in LP_Citrix NetScaler to support the Citrix Netscalar logs new format. | KB-15714, KB-14052 | 62904, 59111 |
Bug Fixes
The following issues are fixed:
|
Description
|
Issue ID
|
Zendesk Support ID
|
|---|---|---|
| Some Citrix SSLVN logs were not properly normalized by LP_Citrix NetScaler |
KB-15726 | 62859 |
| The user and log_ts fields were not properly normalized in some Citrix logs. | KB-10129, KB-15273 | - |
Citrix v5.0.1
Enhancement
The following enhancements have been made in the normalization package LP_Citrix NetScaler:
- The signature ID's 29066, 29094, 29097, 29099, 29100, 29101, 29102, and 29103 have been enhanced and new signatures have been added to normalize the NetScaler logs.
- The signature ID 29040 has been deactivated.
- The signature ID 29064 has been updated to correctly capture the value for the field policy.
- The signature ID 29053 has been updated to correctly capture the value for the field protocol_version by adding a space separator between the field protocol_version and its value.
- The signature ID 29091 has been updated to capture the value of the type string for the field protocol_version.
- The signature ID 29009 has been updated to capture the LOGIN_FAILED event as category to maintain consistency across the normalization package.
Bug Fix
An issue where some of the Citrix NetScaler logs were not normalized by the normalization package LP_Citrix NetScaler has been resolved.
Support
If you have any queries or require assistance, create a support ticket.
Dashboard package as shown in the screenshot. Where is the screeshot.
Hi!
It doesnt normalize the logs. Still just text. And dashboards show nothing.
I have the logs and everything works fine with getting the logs to logpoint. But the normalization does not work.