Integrate Citrix NetScaler


Publication Date: December 08, 2016

Abstract

This guide helps you in configuring Citrix NetScaler and EventTracker to receive Citrix NetScaler events. You will find the detailed procedures required for monitoring Citrix NetScaler Appliance.

Scope

The configurations detailed in this guide are consistent with EventTracker version 7.x and later, and Citrix NetScaler 10 and 11.

Audience

Administrators who are responsible for monitoring Citrix NetScaler using EventTracker Enterprise.

The information contained in this document represents the current view of EventTracker on the issues discussed as of the date of publication. Because EventTracker must respond to changing market conditions, it should not be interpreted to be a commitment on the part of EventTracker, and EventTracker cannot guarantee the accuracy of any information presented after the date of publication.

This document is for informational purposes only. EventTracker MAKES NO WARRANTIES, EXPRESS OR IMPLIED, AS TO THE INFORMATION IN THIS DOCUMENT.

Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, this paper may be freely distributed without permission from EventTracker, if its content is unaltered, nothing is added to the content and credit to EventTracker is provided.

EventTracker may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from EventTracker, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

The example companies, organizations, products, people and events depicted herein are fictitious. No association with any real company, organization, product, person or event is intended or should be inferred.

© 2017 EventTracker Security LLC. All rights reserved. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

Table of Contents

Abstract
Introduction
Prerequisites
Configure Citrix NetScaler to forward all the logs to EventTracker
    Configure Syslog logging
EventTracker Knowledge Pack
    Categories
    Alerts
    Flex Reports
Import Citrix NetScaler knowledge pack into EventTracker
    Category
    Alerts
    Templates
    Flex Reports
Verify Citrix NetScaler knowledge pack in EventTracker
    Category
    Alerts
    Template
    Flex Reports
Create Flex Dashboards in EventTracker
    Schedule Reports
    Create Dashlets
Sample Flex Dashboards

Introduction

The Citrix NetScaler makes applications run five times better, reduces web application ownership costs, optimizes the user experience, and makes sure that applications are always available. Citrix NetScaler can significantly improve the user experience for XenApp and XenDesktop deployments while improving security.

To monitor Citrix NetScaler Appliance in EventTracker, configure Citrix NetScaler Appliance to send all events as Syslog to the EventTracker system.

Prerequisites

- EventTracker v7.x should be installed.
- Citrix NetScaler Appliance should be installed.
- An exception should be added to Windows Firewall on the EventTracker machine for syslog port 514.

Configure Citrix NetScaler to forward all the logs to EventTracker

Configure Syslog logging

To configure the syslog from the Graphical User Interface (GUI) of the NetScaler appliance, complete the following steps:

1. Expand the System node in the Configuration utility of the GUI.
2. Expand the Auditing node from the System node.
3. Click Syslog as shown in the following screen shot.

   Figure 1

4. On the Auditing Policies and Servers, select the Servers tab.
5. Click Add as shown in the following screen shot.

   Figure 2

6. In the Name field, type the name of the auditing server.
7. In the Auditing Type list, select SYSLOG.
8. In the IP Address field, type the IP address of the EventTracker Manager Machine.
9. In the Port field, type the remote port number. The port 514 is the standard syslog port.
10. From the Log Levels group, select the appropriate options to set the log level to receive the logs from the remote server.
11. If required, select the following optional components:
    o Select an appropriate log facility from the Log Facility list.
    o Select the TCP Logging or ACL Logging options.
    o Select the date format and time zone.

    The following screen shot displays the sample values described in Step 6 through Step 11.

    Figure 3

12. Click Create.
13. Click Close.
14. Select the Policies tab.
15. Click Add.
16. In the Name field, type the name of the auditing policy.
17. In the Auditing Type list, select SYSLOG.
18. From the Server list, select the created server in this procedure.

    The following screen shot displays the sample values described in Step 14 through Step 18.

    Figure 4

19. Click Create.
20. Click Close.
21. Click Global Bindings.
22. Click Insert Policy and select the best_syslog_policy_ever policy as shown in the following screen shot.

    Figure 5

23. Click OK.

NOTE: In order to get reports regarding TCP, ACL or AppFlow, the following, which is marked inside red box 11, should be enabled. But these logs are voluminous when generated.

Figure 6

EventTracker Knowledge Pack

Once Citrix NetScaler events are enabled and Citrix NetScaler events are received in EventTracker, Alerts and Reports can be configured in EventTracker. The following Knowledge Packs are available in EventTracker to support Citrix NetScaler monitoring.

Categories

Citrix NetScaler: All events - This category provides information related to all events from Citrix NetScaler.
Citrix NetScaler: Buffer overflow violation - This category provides information related to buffer overflow violation.
Citrix NetScaler: Command execution - This category provides information related to command execution.
Citrix NetScaler: Confidential field added/removed - This category provides information related to confidential field added/removed.

Citrix NetScaler: Connection delinked - This category provides information related to connection delinked.
Citrix NetScaler: Connection terminated - This category provides information related to connection terminated.
Citrix NetScaler: Cookie violation - This category provides information related to cookie violation.
Citrix NetScaler: CPU started - This category provides information related to CPU started.
Citrix NetScaler: Deny URL violation - This category provides information related to deny URL violation.
Citrix NetScaler: Device down - This category provides information related to device down.
Citrix NetScaler: Device out of service - This category provides information related to device out of service.
Citrix NetScaler: Device up - This category provides information related to device up.
Citrix NetScaler: Field consistency violation - This category provides information related to field consistency violation.
Citrix NetScaler: Field format violation - This category provides information related to field format violation.
Citrix NetScaler: Field type added/removed - This category provides information related to field type added/removed.
Citrix NetScaler: HTTP request error - This category provides information related to HTTP request error.
Citrix NetScaler: Login failed - This category provides information related to authorization denied.
Citrix NetScaler: Memory allocation failed - This category provides information related to memory allocation failed.
Citrix NetScaler: Memory freed - This category provides information related to memory freed.
Citrix NetScaler: NetScaler system start/stop - This category provides information related to NetScaler system start/stop.
Citrix NetScaler: Network interface hanged - This category provides information related to network interface hanged.
Citrix NetScaler: Network interface start/stop - This category provides information related to network interface start/stop.
Citrix NetScaler: NIC migration - This category provides information related to NIC migration.
Citrix NetScaler: Pitboss process added - This category provides information related to pitboss process added.
Citrix NetScaler: Pitboss process restarted - This category provides information related to pitboss process restarted.
Citrix NetScaler: Pitboss system restarted - This category provides information related to pitboss system restarted.
Citrix NetScaler: Safe commerce violation - This category provides information related to safe commerce violation.
Citrix NetScaler: Safe object violation - This category provides information related to safe object violation.
Citrix NetScaler: Security profile added/removed - This category provides information related to security profile added/removed.
Citrix NetScaler: Security profile binded - This category provides information related to security profile binded.
Citrix NetScaler: SQL injection violation - This category provides information related to SQL injection violation.
Citrix NetScaler: SSL certificate expiry alert - This category provides information related to SSL certificate expiry alert.
Citrix NetScaler: SSL handshake failed - This category provides information related to SSL handshake failed.
Citrix NetScaler: SSL handshake success - This category provides information related to SSL handshake success.
Citrix NetScaler: SSLVPN client security check - This category provides information related to SSLVPN client security check.
Citrix NetScaler: SSLVPN connection time out - This category provides information related to SSLVPN connection time out.
Citrix NetScaler: SSLVPN HTTP request received - This category provides information related to SSLVPN HTTP request received.
Citrix NetScaler: SSLVPN license limit reached - This category provides information related to SSLVPN license limit reached.
Citrix NetScaler: SSLVPN login - This category provides information related to SSLVPN login.
Citrix NetScaler: SSLVPN logout - This category provides information related to SSLVPN logout.

Citrix NetScaler: SSLVPN resource access denied - This category provides information related to SSLVPN resource access denied.
Citrix NetScaler: SSLVPN TCP connection status - This category provides information related to SSLVPN TCP connection status.
Citrix NetScaler: Start URL violation - This category provides information related to Start URL violation.
Citrix NetScaler: XSS violation - This category provides information related to XSS violation.

Alerts

Citrix NetScaler: Device down - This alert is generated when NetScaler device is down.
Citrix NetScaler: Device out of service - This alert is generated when NetScaler device is out of service.
Citrix NetScaler: HA propagation failed - This alert is generated when HA propagation failed.
Citrix NetScaler: HTTP resource access denied - This alert is generated when HTTP resource access is denied.
Citrix NetScaler: Interface bound or unbound from a channel - This alert is generated when an interface is bound or unbound from a channel.
Citrix NetScaler: Login failed - This alert is generated when a module failed to log in the user.
Citrix NetScaler: NetScaler system stopped - This alert is generated when NetScaler system has stopped.
Citrix NetScaler: Network interface hung - This alert is generated when network interface is in hung state.
Citrix NetScaler: Network interface reset - This alert is generated when network interface is reset.
Citrix NetScaler: Network interface stopped - This alert is generated when network interface is stopped.
Citrix NetScaler: Non HTTP resource access denied - This alert is generated when non HTTP resource access is denied.
Citrix NetScaler: Pitboss process restarted - This alert is generated when pitboss process restarted.
Citrix NetScaler: Pitboss system restarted - This alert is generated when pitboss system restarted.
Citrix NetScaler: SNMP module started an alarm - This alert is generated when SNMP module started an alarm.
Citrix NetScaler: SNMP module stopped an alarm - This alert is generated when SNMP module stopped an alarm.
Citrix NetScaler: SSL certificate will expire soon - This alert is generated when SSL certificate will expire soon.
Citrix NetScaler: SSLVPN license limit reached - This alert is generated when SSLVPN license limit reached.
Citrix NetScaler: Start URL violation - This alert is generated when URL violation has occurred.
Citrix NetScaler: AAA session login failed - This alert is generated when AAA session login has failed in the Citrix NetScaler.
Citrix NetScaler: AppFW DOS attack detected - This alert is generated when AppFW DOS attack has occurred in the Citrix NetScaler.
Citrix NetScaler: AppFW security violation detected - This alert is generated when AppFW security violation has been detected in the Citrix NetScaler.
Citrix NetScaler: Console logon failure - This alert is generated when Console logon failure has occurred in the Citrix NetScaler.

Flex Reports

Citrix NetScaler-TCP session details
This report provides the information related to TCP session details like source address, destination address, bytes sent and received, etc. in Citrix NetScaler.
NOTE: This report is generated only when TCP logging has been enabled.
Sample Report: Figure 7

Logs Considered: Figure 8

Citrix NetScaler-SSLVPN ICA application started or terminated
This report provides the information related to SSL VPN ICA whether the application has started or terminated in Citrix NetScaler.
Sample Report: Figure 9
Logs Considered: Figure 10

Citrix NetScaler-SSLVPN session details
This report provides the information related to SSLVPN session details like user name, source address, and destination address, byte sent and received in Citrix NetScaler.
Sample Report: Figure 11
Logs Considered: Figure 12

Citrix NetScaler-HTTP or Non-HTTP resource access denied
This report provides the information related to HTTP or non-HTTP resource access that has been denied.
Sample Report: Figure 13
Logs Considered: Figure 14

Citrix NetScaler-AAA session logon or logout
This report provides the information related to session login or logout using AAA in Citrix NetScaler.
Sample Report: Figure 15
Logs Considered: Figure 16

Citrix NetScaler-AAA session logon failed
This report provides the information related to login failed using AAA in Citrix NetScaler.
Sample Report: Figure 17
Logs Considered: Figure 18

Citrix NetScaler-ACL rule hit details
This report provides the information related to rule hit details of ACL in Citrix NetScaler.
Sample Report: Figure 19
Logs Considered: Figure 20

Citrix NetScaler-Console logon success
This report provides the information related to logon success for console in Citrix NetScaler.
Sample Report: Figure 21
Logs Considered: Figure 22

Citrix NetScaler-Command execution details
This report provides the information related to execution of commands along with their details like user name, user address, command executed and their status in Citrix NetScaler.
Sample Report: Figure 23
Logs Considered: Figure 24

Citrix NetScaler-AppFW security violation details
This report provides the information related to security violation details for AppFW in Citrix NetScaler.
Sample Report: Figure 25
Logs Considered: Figure 26

Citrix NetScaler-SSLVPN session login or logout
This report provides the information related to session login or logout of SSLVPN in Citrix NetScaler.
Sample Report: Figure 27
Logs Considered: Figure 28

Citrix NetScaler-Console logon failure
This report provides the information related to logon failure of console in Citrix NetScaler.
Sample Report: Figure 29
Logs Considered: Figure 30
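Before importing the knowledge pack, it helps to confirm that the syslog forwarding set up under "Configure Syslog logging" delivers events from the appliance with the log facility and log levels that were selected. The Python check below is an added example, not part of the original EventTracker guide; the sender address 192.0.2.10, the facility local0 and the sample datagrams are constructed assumptions.

```python
import re
import socket
from collections import Counter

# Facility and severity names in numeric order (PRI = facility * 8 + severity).
FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv ftp "
              "ntp audit alert clock local0 local1 local2 local3 local4 local5 "
              "local6 local7").split()
SEVERITIES = ("emergency alert critical error warning notice "
              "informational debug").split()
PRI_RE = re.compile(rb"<(\d{1,3})>")


def decode_pri(datagram):
    """Return (facility, severity) from the <PRI> header, or None if it is invalid."""
    match = PRI_RE.match(datagram)
    if not match:
        return None
    pri = int(match.group(1))
    if pri > 191:  # 23 * 8 + 7 is the highest defined value
        return None
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7]


def summarize(packets, expected_ip, expected_facility):
    """Compare (sender_ip, datagram) pairs with the configured sender and facility."""
    report = {"from_expected": 0, "other_senders": set(), "malformed": 0,
              "wrong_facility": 0, "severities": Counter()}
    for sender_ip, datagram in packets:
        if sender_ip != expected_ip:
            report["other_senders"].add(sender_ip)
            continue
        report["from_expected"] += 1
        decoded = decode_pri(datagram)
        if decoded is None:
            report["malformed"] += 1
            continue
        facility, severity = decoded
        if facility != expected_facility:
            report["wrong_facility"] += 1
        report["severities"][severity] += 1
    return report


def receive(bind_ip, port, count, timeout):
    """Collect up to `count` UDP datagrams, stopping after `timeout` idle seconds."""
    packets = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind_ip, port))
        sock.settimeout(timeout)
        try:
            while len(packets) < count:
                data, (sender_ip, _port) = sock.recvfrom(8192)
                packets.append((sender_ip, data))
        except socket.timeout:
            pass
    return packets


# Constructed sample datagrams (not captured from a real appliance).
SAMPLE = [
    ("192.0.2.10", b"<134> constructed informational message"),   # local0.informational
    ("192.0.2.10", b"<131> constructed error message"),           # local0.error
    ("192.0.2.10", b"<38> constructed message, other facility"),  # auth.informational
    ("192.0.2.10", b"no priority header"),                        # malformed
    ("192.0.2.99", b"<134> constructed message from another host"),
]

if __name__ == "__main__":
    # Offline demonstration on the constructed sample. For a live check, UDP 514
    # must be free on the host and binding it may need elevated rights:
    #   summarize(receive("0.0.0.0", 514, 20, 30.0), "<appliance address>", "local0")
    print(summarize(SAMPLE, "192.0.2.10", "local0"))
```

A count of zero under from_expected points at the firewall exception or the server IP and port entered on the appliance; the severities counter shows which log levels are actually arriving.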

Import Citrix NetScaler knowledge pack into EventTracker

NOTE: Import knowledge pack items in the following sequence:

- Categories
- Alerts
- Templates
- Knowledge Objects
- Flex Reports

1. Launch EventTracker Control Panel.
2. Double click Export Import Utility.
3. Click the Import tab.

Category

Figure 31

1. Click Category option, and then click the browse button.
2. Locate the All Citrix NetScaler group of categories.iscat file, and then click Open button.
3. To import categories, click the Import button. EventTracker displays success message.

   Figure 32

4. Click the OK, and then click the Close button.

Alerts

Figure 33

1. Click Alerts option, and then click the browse button.
2. Locate the All Citrix NetScaler group of alerts.isalt file, and then click the Open button.

   Figure 34

3. To import alerts, click the Import button. EventTracker displays success message.

   Figure 35

4. Click OK, and then click the Close button.

Templates

1. Click the Admin menu, and then click Parsing rule.
2. Select Template tab, and then click on Import option.
3. Click on Browse button.

   Figure 36

   Figure 37

4. Locate All Citrix NetScaler group of Template.ettd file, and then click the Open button.

   Figure 38

5. Now select the check box and then click on Import option. EventTracker displays success message.

   Figure 39

6. Click on OK button.

Flex Reports

1. Click Reports option, and then click the browse button.
2. Locate the All Citrix NetScaler group of flex reports.issch file, and then click the Open button.

   Figure 40

3. Click the Import button to import the scheduled reports. EventTracker displays success message.

   Figure 41

Verify Citrix NetScaler knowledge pack in EventTracker

Category

1. In the EventTracker Enterprise web interface, click the Admin dropdown, and then click Categories.
2. In the Category Tree, expand Citrix NetScaler group folder to see the imported categories.

Alerts

Figure 42

1. In the EventTracker Enterprise web interface, click the Admin dropdown, and then click Alerts.
2. In the Search field, type 'Citrix NetScaler', and then click Go button. Alert Management page will display the imported Citrix NetScaler alert.

   Figure 43

3. To activate the imported alerts, select the respective checkbox in the Active column. EventTracker displays message box.

   Figure 44

4. Click the OK button, and then click the Activate now button.

NOTE: You can select alert notification such as Beep, Email, and Message etc. For this, select the respective checkbox in the Alert management page, and then click the Activate Now button.

Template

1. Logon to EventTracker Enterprise web interface.
2. Click the Admin menu, and then click Parsing Rules and click Template.

Flex Reports

Figure 45

1. In the EventTracker Enterprise web interface, click the Reports menu, and then select Configuration.
2. In Reports Configuration pane, select Defined option.
3. In search box enter Citrix NetScaler, and then click the Search button. EventTracker displays Flex reports of Citrix NetScaler.

   Figure 46

Create Flex Dashboards in EventTracker

NOTE: To configure the flex dashboards, schedule and generate the reports. Flex dashboard feature is available from EventTracker Enterprise v8.0.

Schedule Reports

1. Open EventTracker in browser and logon.

   Figure 47

2. Navigate to Reports>Configuration.
3. Select Citrix NetScaler in report groups. Check Defined dialog box.

   Figure 48

4. Click on schedule to plan a report for later execution.
5. Click Next button to proceed.
6. In review page, check Persist data in EventVault Explorer option.

   Figure 49

7. In next page, check column names to persist using PERSIST checkboxes beside them. Choose suitable Retention period.

   Figure 50

8. Proceed to next step and click Schedule button.
9. Wait till the reports get generated.

Create Dashlets

1. Open EventTracker Enterprise in browser and logon.
2. Navigate to Dashboard>Flex. Flex Dashboard pane is shown.

   Figure 51

   Figure 52

3. Fill suitable title and description and click Save button.
4. Click to configure a new flex dashlet. Widget configuration pane is shown.

   Figure 53

5. Locate earlier scheduled report in Data Source dropdown.
6. Select Chart Type from dropdown.
7. Select extent of data to be displayed in Duration dropdown.
8. Select computation type in Value Field Setting dropdown.
9. Select evaluation duration in As Of dropdown.
10. Select comparable values in X Axis with suitable label.
11. Select numeric values in Y Axis with suitable label.
12. Select comparable sequence in Legend.
13. Click Test button to evaluate. Evaluated chart is shown.

    Figure 54

14. If satisfied, click Configure button.

    Figure 55

15. Click customize to locate and choose created dashlet.
16. Click to add dashlet to earlier created dashboard.

Sample Flex Dashboards

For below dashboard DATA SOURCE: Citrix NetScaler-SSLVPN session login or logout

1. Citrix NetScaler - SSLVPN session login or logout
   WIDGET TITLE: Citrix NetScaler - SSLVPN session login or logout
   CHART TYPE: Donut
   AXIS LABELS [X-AXIS]: Client Address
   FILTER: End Time
   LEGEND [SERIES]: Status

   Figure 57

For below dashboard DATA SOURCE: Citrix NetScaler-AAA session login or logout

2. Citrix NetScaler-AAA session login or logout
   WIDGET TITLE: Citrix NetScaler - AAA session login or logout
   CHART TYPE: Donut
   AXIS LABELS [X-AXIS]: Reason
   FILTER: End Time
   LEGEND [SERIES]: Status

   Figure 58