Citrix
Citrix enables you to collect and normalize Citrix logs and lets you analyze the information through the LP_Citrix NetScaler dashboard. The dashboard visualizes users' successful and failed logins, accessed applications, HTTP requests and data utilization. You can customize it to perform in-depth analysis by changing the data used in a search.
Enhancement
| Description | Issue ID | Reference ID |
|---|---|---|
| Citrix Netscaler compiled normalizer now supports parsing a subset of Syslog logs from Netscaler v14.1. | PLUG-15929, PLUG-16417 | 88599, 88911, 89416, 89547, 88911, 89416, 89547 |
Bug Fixes
| Description | Issue ID | Reference ID |
|---|---|---|
| After upgrading to Logpoint v7.5.0, the CitrixADCCompiledNormalizer encountered compatibility issues due to a deprecated regex pattern, preventing the normalizer from functioning correctly. | PLUG-15845 | 88163, 88911, 85680 |
| In some cases, CitrixNetscaler logs were not normalized. | PLUG-13285 | 85680 |
| CitrixNetscalerCompiledNormalizer logs were stored with incorrect timestamps because the normalizer used the event’s Start Time rather than the Syslog header for log_ts. | PLUG-16505 | 89396 |
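The log_ts fix above matters for correlation: on a session logout event the Start Time can be hours older than the moment the log was emitted. The following sketch is an added example, not Logpoint's normalizer code; the sample line is constructed in the general shape of a NetScaler SSLVPN syslog message, and the function names are hypothetical. It measures that skew and flags headers whose date reads differently under the American and European formats.

```python
import re
from datetime import datetime, timezone

# Constructed sample line (not taken from a real device).
SAMPLE = ('<134> 03/04/2024:17:45:10 GMT ns-demo 0-PPE-0 : default SSLVPN LOGOUT '
          '4711 0 : Context alice@203.0.113.10 - SessionId: 42 - User alice - '
          'Start_time "03/04/2024:09:01:12 GMT" - End_time "03/04/2024:17:45:10 GMT"')

# Assumed strptime layouts for the two date formats.
DATE_FORMATS = {"american": "%m/%d/%Y:%H:%M:%S", "european": "%d/%m/%Y:%H:%M:%S"}
STAMP = r"(\d{2}/\d{2}/\d{4}:\d{2}:\d{2}:\d{2}) GMT"
HEADER_RE = re.compile(r"^<\d+>\s*" + STAMP)
START_RE = re.compile(r'Start_time "' + STAMP + '"')

def _parse(stamp, date_format):
    parsed = datetime.strptime(stamp, DATE_FORMATS[date_format])
    return parsed.replace(tzinfo=timezone.utc)

def header_ts(line, date_format):
    """Timestamp from the syslog header: when the event was logged."""
    match = HEADER_RE.search(line)
    if match is None:
        raise ValueError("no syslog header timestamp found")
    return _parse(match.group(1), date_format)

def start_time_ts(line, date_format):
    """Timestamp from the Start_time field: when the session began."""
    match = START_RE.search(line)
    return _parse(match.group(1), date_format) if match else None

def timestamp_skew(line, date_format):
    """Seconds by which log_ts is off if taken from Start_time."""
    start = start_time_ts(line, date_format)
    if start is None:
        return 0.0
    return (header_ts(line, date_format) - start).total_seconds()

def is_ambiguous(line):
    """True when both date formats parse the header to different days."""
    try:
        return header_ts(line, "american") != header_ts(line, "european")
    except ValueError:  # one format rejects the date, so only one reading is valid
        return False

if __name__ == "__main__":
    print("skew (s):", timestamp_skew(SAMPLE, "american"))
    print("ambiguous date:", is_ambiguous(SAMPLE))
```

A skew of several hours on logout events is enough to push them outside a correlation window, and an ambiguous header date shifts events by weeks if the configured format does not match the device.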
Past Releases
Citrix v5.4.0
Key Information
You can configure a date format for CitrixNetScalerCompiledNormalizer and CitrixADCCompiledNormalizer using CNDP.
Enhancements
| Description | Issue ID | Reference ID |
|---|---|---|
| Added Syslog Collector based Netscaler log source template, simplifying the log source configuration process. To learn more, go to Creating Log Source via a Template. | KB-22640 | - |
| Added CompiledNormalizer Date Preference (CNDP) support to CitrixNetScalerCompiledNormalizer, ensuring consistent date format in normalized CitrixNetScaler logs. Go to CNDP to learn how to configure it. | KB-24430 | - |
| For Netscaler login logs when normalized by CitrixNetScalerCompiledNormalizer: | KB-22821 | 78618 |
Bug Fix
| Description | Issue ID | Reference ID |
|---|---|---|
| Some CitrixNetScaler logs were not correctly normalized by LP_Citrix NetScaler, LP_Citrix Secure Gateway, LP_Citrix XenDesktop, LP_Citrix XenMobile, LP_Citrix SDWAN, CitrixNetScalerCompiledNormalizer and CitrixADCCompiledNormalizer. | KB-24789, KB-22265, KB-22211 | 77791, 77528, 77609 |
Citrix v5.3.0
Release Date: September 19, 2023
Supported On: Logpoint v6.7.0 and later
Download: Citrix_5.3.0.pak
SHA256: 8f468480a2373e6685cca778931d021bd8525182a0ecc7acb3790d081e49fcb8
Enhancements
| Description | Issue ID | Zendesk Support ID |
|---|---|---|
| Added a new CitrixADCCompiledNormalizer to support Citrix ADC WebApp logs. | KB-19323 | 71417 |
| CitrixNetScalerCompiledNormalizer is now configurable to select a date format (European or American). | KB-20318 | - |
| The log_ts field is now normalized by CitrixNetScalerCompiledNormalizer. | KB-19092 | 70972 |
| Added new signatures in CitrixNetScalerCompiledNormalizer to support the Citrix NetScaler ADC logs. | KB-19761 | 72159 |
Bug Fixes
The following issues are fixed:
| Description | Issue ID | Zendesk Support ID |
|---|---|---|
| Some Citrix and Citrix Netscaler logs were not correctly normalized by LP_Citrix NetScaler, LP_CitrixSDWAN, LP_CitrixSecure Gateway, LP_CitrixXenDesktop, CitrixNetscalerCompiledNormalizer and LP_CitrixXenMobile. | KB-17854, KB-20469, KB-20205 | 73609, 72766 |
| The source_address field was not properly normalized by LP_Citrix Netscaler. | KB-19918 | 72466 |
Citrix v5.2.0
Release Date: April 04, 2022
Supported On: Logpoint v6.7.4 and later
Download: Citrix_5.2.0.pak
SHA256: 2f0b4eee46e7bd3ad023c12fc14c375d8f9b3bc767dc290e27c99de9f28cd52f
Enhancements
| Description | Issue ID | Zendesk Support ID |
|---|---|---|
| Added CitrixNetScalerCompiledNormalizer to normalize the Citrix logs previously normalized by normalization packages. | KB-16104 | - |
| Made the following changes in the Citrix NetScaler logs to make them compatible with LogPoint UEBA: | KB-15732 | 62694 |
| Added new signatures in LP_Citrix NetScaler to support the Citrix NetScaler logs. | KB-15714 | 62904 |
| Updated signatures in LP_Citrix NetScaler to support the new format of Citrix NetScaler logs. | KB-15714, KB-14052 | 62904, 59111 |
Bug Fixes
The following issues are fixed:
| Description | Issue ID | Zendesk Support ID |
|---|---|---|
| Some Citrix SSLVPN logs were not properly normalized by LP_Citrix NetScaler. | KB-15726 | 62859 |
| The user and log_ts fields were not properly normalized in some Citrix logs. | KB-10129, KB-15273 | - |
Citrix v5.0.1
Enhancement
The following enhancements have been made in the normalization package LP_Citrix NetScaler:
- The signature IDs 29066, 29094, 29097, 29099, 29100, 29101, 29102, and 29103 have been enhanced and new signatures have been added to normalize the NetScaler logs.
- The signature ID 29040 has been deactivated.
- The signature ID 29064 has been updated to correctly capture the value for the field policy.
- The signature ID 29053 has been updated to correctly capture the value for the field protocol_version by adding a space separator between the field protocol_version and its value.
- The signature ID 29091 has been updated to capture the value of the type string for the field protocol_version.
- The signature ID 29009 has been updated to capture the LOGIN_FAILED event as category to maintain consistency across the normalization package.
Bug Fix
An issue where some of the Citrix NetScaler logs were not normalized by the normalization package LP_Citrix NetScaler has been resolved.
Support
If you have any queries or require assistance, create a support ticket.
Comments
Dashboard package as shown in the screenshot. Where is the screenshot?
Hi!
It doesn't normalize the logs. Still just text. And dashboards show nothing.
I have the logs and everything works fine with getting the logs to Logpoint. But the normalization does not work.