Device Integration: Citrix NetScaler

Modified on Tue, 12 May at 3:09 PM

Overview

This article outlines the steps to configure Citrix ADC (formerly NetScaler) to send syslog events in CEF format to the ADR CCE platform using the GUI. It also provides best practices for avoiding time sync issues and for ensuring the policy is applied correctly.


Pre-requisites

  • Administrative access to Citrix ADC (NetScaler) GUI.

  • IP address and port of the ADR CCE server.

  • Ensure required ports (default: UDP 514) are open between Citrix ADC and ADR.


Configuration Steps

  • Go to:
    Configuration > System > Auditing > Syslog > Servers


Add Syslog Server

Click "Add" and fill in the following:

| Field | Value |
| --- | --- |
| Name | e.g., Sys_Seceon |
| Server Type | Server IP |
| IP Address | <Seceon CCE IP> |
| Port | 514 |
| Transport Type | UDP |
| Log Facility | LOCAL0 (or as required) |
| Date Format | MMDDYYYY |
| Time Zone | GMT ✔️ (Recommended to avoid time drift issues) |
| Log Levels | ALL |
| TCP Logging | Leave unchecked for UDP |
| UDP Logging | ✅ Enable |


Click "Create".



Create Syslog Policy

Navigate to:
Configuration > System > Auditing > Syslog > Policies

Click Add and configure:

| Field | Value |
| --- | --- |
| Name | Syslog_Seceon_Policy |
| Auditing Type | SYSLOG |
| Expression Type | ✅ Advanced Policy (✔️ Recommended) |
| Server | Select the previously created server |

Click "Create".


Note: While “Classic Policy” is still supported, it is deprecated starting from ADC version 12.0 build 56.20. Prefer Advanced Policies.



Bind the Policy Globally

  • Go to Policies tab > Action > Advanced Policy Global Bindings

  • Select the policy created above.

  • Click Bind

  • Click Done


Verification (MSSP Only)

After configuration:

  1. Log in to ADR GUI Console with appropriate "Administrative" rights.

    • Go to:
      System > Logs and Flows Collection Status

    • Check for:

      • Source Device IP: Should reflect Citrix ADC IP.

      • Device Name: Should match what’s configured.


Troubleshooting Tips

| Symptom | Solution |
| --- | --- |
| Logs not received | Verify UDP port 514 is open and reachable |
| Logs are missing timestamps or are in the wrong time zone | Confirm Time Zone is set to GMT |
| Inconsistent log data in the BI dashboard | Ensure correct log facility and level selection; check timestamp format |
| Policy not triggering | Check if the policy is bound globally |
| Data misalignment in ADR CCE | Sync both systems’ time zones and confirm data parsing format |
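
An added example (not part of the original article, and not Citrix or Seceon code): a Python check that can be run over syslog lines captured on the receiving side to confirm that the Log Facility, Date Format and Time Zone settings above took effect. The line layout `<PRI> MM/DD/YYYY:HH:MM:SS GMT host ...`, the `check_line` helper, the five-minute skew tolerance and the sample lines are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Syslog PRI = facility * 8 + severity; facilities 16..23 are LOCAL0..LOCAL7.
FACILITIES = {16 + i: f"LOCAL{i}" for i in range(8)}

# Assumed wire layout: "<PRI> MM/DD/YYYY:HH:MM:SS [GMT] host rest"
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>\s*"
    r"(?P<ts>\d{2}/\d{2}/\d{4}:\d{2}:\d{2}:\d{2})\s+"
    r"(?P<tz>GMT\s+)?(?P<host>\S+)\s+(?P<rest>.*)$"
)

def check_line(line, received_at, want_facility="LOCAL0",
               max_skew=timedelta(minutes=5)):
    """Return the list of problems found in one syslog line (empty = OK)."""
    m = LINE_RE.match(line)
    if not m:
        return ["unparseable: missing PRI or MMDDYYYY timestamp"]
    problems = []
    code = int(m["pri"]) >> 3  # drop the 3 severity bits
    facility = FACILITIES.get(code, f"facility {code}")
    if facility != want_facility:
        problems.append(f"facility is {facility}, expected {want_facility}")
    if not m["tz"]:
        problems.append("no GMT marker: Time Zone may be set to local time")
    try:
        sent = datetime.strptime(m["ts"], "%m/%d/%Y:%H:%M:%S")
    except ValueError:
        return problems + ["timestamp is not a valid MM/DD/YYYY date"]
    # Treat the device timestamp as GMT and compare with the receipt time.
    skew = abs(received_at - sent.replace(tzinfo=timezone.utc))
    if skew > max_skew:
        problems.append(f"clock skew {skew} exceeds {max_skew}")
    return problems

# Constructed sample lines (not captured from a real appliance).
RECEIVED = datetime(2024, 5, 12, 15, 9, 3, tzinfo=timezone.utc)
SAMPLES = {
    "ok": "<134> 05/12/2024:15:09:01 GMT ns 0-PPE-0 : default TCP CONN_TERMINATE 1 0 : sample",
    "local_time": "<134> 05/12/2024:20:39:01 ns 0-PPE-0 : default TCP CONN_TERMINATE 2 0 : sample",
    "wrong_facility": "<142> 05/12/2024:15:09:02 GMT ns 0-PPE-0 : default TCP CONN_TERMINATE 3 0 : sample",
}

if __name__ == "__main__":
    for name, line in SAMPLES.items():
        print(name, check_line(line, RECEIVED) or "OK")
```

A line that passes all three checks indicates the server settings reached the wire; a missing GMT marker together with a skew of whole hours points at the Time Zone field rather than at NTP drift.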


