...

Table 1-1: Port requirements for LCP communication.

| Source | Destination | Port | Description |
|---|---|---|---|
| Citrix NetScaler | LCP | 514 (UDP) or 601 (TCP) | Default port |

Configuring Citrix NetScaler VPX

To configure the Citrix NetScaler VPX to send logs to the LCP, follow the steps below.

  1. Verify that the hostname is configured.

  • Log in to the NetScaler Web interface as an Administrator.

  • Navigate to Configuration > Settings.

...

  • Enter the Syslog details like Name, Server Type, IP address of the LCP and Port.

  • Select Log Levels as Custom.

  • Enable all checkboxes except DEBUG level in the configuration.

  • Select LOCAL0 from Log Facility drop-down.

  • Select MMDDYYYY from Date Format drop-down.

...

 Note: Priority is a numeric value that indicates when this policy is evaluated relative to other policies. Access Gateway gives precedence to a policy with lower priority.

...

Configuring Citrix NetScaler SDX

To configure the Citrix NetScaler SDX to send logs to the LCP, follow the steps below.

  1. Verify that the hostname is configured.

    1. Log in to the NetScaler Web interface as an Administrator.

    2. Navigate to System > System Settings.

    3. In the Host Name text box, verify that the host name is present.

      1. If the host name is configured already, no action is required.

      2. If the text box is empty, type a host name without spaces.

...

iii. In the Time Zone text box, select UTC/GMT.

  1. Configure a syslog server.

    1. Navigate to System > Notifications > Syslog Servers.

    2. In the details pane, click Add.

    3. In the Create Syslog Server page, specify values for the syslog server parameters. Enter a Name, the LCP IP address and the port number, choose Log Level as 'Custom', select all log levels except Debug, and then click 'Create'.

...

  1. Configure the syslog parameters (date and time format).

    1. Navigate to System > Notifications > Syslog Servers.

    2. In the details pane, click Syslog Parameters.

    3. In the Configure Syslog Parameters page, select the date format ‘MMDDYYYY’ and select time format ‘GMT’. Click 'OK'.

...

LCP Configuration Parameters

Table 1-2: The Citrix NetScaler event collector (Syslog -3679) properties to be configured by MDR are shown in the table.

| Property | Default Value | Description |
|---|---|---|
| Protocol | UDP | The default protocol for syslog. The collector can also accept logs over TCP. |
| Port | 514 | The default port for UDP. For TCP, the default port is 601. |
| IP Address | Citrix NetScaler IP Address | Logging device IP address mentioned in the Pre-Installation Questionnaire (PIQ). |
| Signatures | AAA LOGIN_FAILED, AAA EXTRACTED_GROUPS, UI CMD_EXECUTED, SSLVPN LOGIN, SSLVPN LOGOUT, SSLVPN ICASTART, SSLVPN ICAEND_CONNSTAT, SSLVPN TCPCONNSTAT, SSLVPN TCPCONN_TIMEDOUT, SSLVPN UDPFLOWSTAT, SSLVPN HTTPREQUEST, SSLVPN NONHTTP_RESOURCEACCESS_DENIED, SSLVPN HTTP_RESOURCEACCESS_DENIED, SSLVPN CLISEC_CHECK, SSLVPN CLISEC_EXP_EVAL, EVENT DEVICEUP, EVENT DEVICEDOWN, SNMP TRAP_SENT, EVENT MONITORUP, EVENT MONITORDOWN, APPFW APPFW_STARTURL, APPFW APPFW_DENYURL, APPFW APPFW_COOKIE, APPFW APPFW_BUFFEROVERFLOW_COOKIE, APPFW APPFW_BUFFEROVERFLOW_URL, APPFW APPFW_BUFFEROVERFLOW_HDR, APPFW APPFW_SAFECOMMERCE, APPFW APPFW_SAFEOBJECT, APPFW APPFW_FIELDCONSISTENCY, APPFW APPFW_FIELDFORMAT, APPFW APPFW_CSRF_TAG, APPFW APPFW_XSS, APPFW APPFW_SQL, APPFW APPFW_XML_ERR_NOT_WELLFORMED, APPFW APPFW_XML_DOS_ERR_MAX_NAMESPACES, APPFW APPFW_XML_XSS, APPFW APPFW_XML_SQL, APPFW AF_400_RESP, APPFW APPFW_POLICY_HIT, APPFW APPFW_POLICY_HIT_BUILTIN, APPFW APPFW_SIGNATURE_MATCH, APPFW APPFW_XML_VALIDATION_ERR_INVALID_ELEMENT, APPFW APPFW_XML_WSI_ERR_BODY_ENV_NAMESPACE, APPFW_RESP APPFW_XML_VALIDATION_ERR_INVALID_ELEMENT, APPFW_RESP APPFW_XML_WSI_ERR_BODY_ENV_NAMESPACE, APPFW APPFW_FIELDFORMAT, APPFW APPFW_REFERER_HEADER, APPFW AF_MALFORMED_REQ_ERR, APPFW_RESP APPFW_XML_ERR_NOT_WELLFORMED, GUI CMD_EXECUTED, CLI CMD_EXECUTED, EVENT STARTSAVECONFIG, EVENT STOPSAVECONFIG | MDR recommended signatures processed by the Citrix NetScaler event collector. |
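
An added example (not part of the original guide and not vendor code): a Python check that lines arriving at the LCP reflect the settings configured above, that is LOCAL0 facility, no DEBUG level, MMDDYYYY date, GMT time, and a signature listed in Table 1-2. The line layout in the regex and the sample lines are assumptions constructed for illustration; `EXPECTED` holds only a subset of the Table 1-2 signatures.

```python
import re
from datetime import datetime

LOCAL0, DEBUG = 16, 7  # standard syslog facility and severity codes

# Subset of the Table 1-2 signatures; extend with the full list as needed.
EXPECTED = {("AAA", "LOGIN_FAILED"), ("SSLVPN", "LOGIN"), ("SSLVPN", "LOGOUT"),
            ("EVENT", "DEVICEDOWN"), ("APPFW", "APPFW_SQL"), ("CLI", "CMD_EXECUTED")}

# Assumed layout (not taken from the guide):
# <PRI> MM/DD/YYYY:HH:MM:SS [TZ] host ppe : partition FEATURE TYPE seq ctr : text
LINE = re.compile(
    r"^<(?P<pri>\d{1,3})>\s*(?P<date>[\d/]+):\d\d:\d\d:\d\d\s+"
    r"(?:(?P<tz>[A-Z]{3,5})\s+)?(?P<host>\S+)\s+\S+\s+:\s+\S+\s+"
    r"(?P<feature>\w+)\s+(?P<type>\w+)\s+\d+\s+\d+\s+:")

# Constructed sample lines, not captured from a real appliance.
SAMPLES = [
    "<134> 07/21/2023:10:15:03 GMT ns-vpx01 0-PPE-0 : default SSLVPN LOGIN 1201 0 : User jdoe",
    "<143> 21/07/2023:10:15:04 ns-vpx01 0-PPE-0 : default AAA LOGIN_FAILED 1202 0 : User jdoe",
    "<134> 07/21/2023:10:15:05 GMT ns-vpx01 0-PPE-0 : default TCP CONN_TERMINATE 1203 0 : Source 192.0.2.10",
]

def check(line):
    """Return (signature, problems) for one received syslog line."""
    m = LINE.match(line)
    if not m:
        return None, ["unparsed: not the assumed NetScaler layout"]
    problems = []
    facility, severity = divmod(int(m["pri"]), 8)  # PRI = facility * 8 + severity
    if facility != LOCAL0:
        problems.append(f"facility {facility}, expected LOCAL0 ({LOCAL0})")
    if severity == DEBUG:
        problems.append("DEBUG level is being forwarded")
    try:
        # Catches DDMMYYYY/YYYYMMDD only when the day is above 12 or the year leads.
        datetime.strptime(m["date"], "%m/%d/%Y")
    except ValueError:
        problems.append(f"date {m['date']} is not MMDDYYYY")
    if m["tz"] != "GMT":
        problems.append("time format is not GMT")
    sig = (m["feature"], m["type"])
    if sig not in EXPECTED:
        problems.append("signature not in the expected set")
    return sig, problems

if __name__ == "__main__":
    for s in SAMPLES:
        print(check(s))
```

An empty problem list for a line means the appliance-side settings match what the collector expects; repeated "signature not in the expected set" results point at event types the collector does not process.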