Merge pull request #1362 from SEKOIA-IO/fix/CitrixADCForwarding

Citrix: improve documentation

docs/xdr/features/collect/integrations/network/citrix_adc.md

@@ -21,16 +21,30 @@ Citrix ADC (formely Citrix NetScaler) is a delivery controller and load-balancin
 - Have a NSLog server with the syslog protocol
 - Have an auditing module which runs on the NetScaler appliance.
 
-### Enable syslog
+### Forward audit logs
 
-follow this [guide](https://docs.netscaler.com/en-us/citrix-adc/current-release/system/audit-logging/configuring-audit-logging.html) to enable syslog forwarding.
+Follow this [guide](https://docs.netscaler.com/en-us/citrix-adc/current-release/system/audit-logging/configuring-audit-logging.html) to enable syslog forwarding for audit logs.
 
 **IMPORTANT:** please make sure `-dateFormat MMDDYYYY` is set and date is present in logs
 
+### Forward Application Firewall logs
+
+To enable application firewall logs forwarding, see this [guide](https://support.citrix.com/article/CTX138973/how-to-send-application-firewall-messages-to-a-separate-syslog-server) and apply the following command to convert Application Firewall logs into CEF events:
+
+```
+set appfw settings CEFLogging on
+```
+
 ### Create an intake
 
 Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a new intake from the format Citrix ADC.
 
 ### Forward logs to Sekoia.io
 
 Please consult the [Syslog Forwarding](../../../ingestion_methods/sekoiaio_forwarder/) documentation to forward these logs to Sekoia.io.
+
+## Further readings
+
+- [Audit log forwarding](https://docs.netscaler.com/en-us/citrix-adc/current-release/system/audit-logging/configuring-audit-logging.html)
+- [Application firewall forwarding](https://support.citrix.com/article/CTX138973/how-to-send-application-firewall-messages-to-a-separate-syslog-server)
+- [CEF format](https://support.citrix.com/article/CTX136146/common-event-format-cef-logging-support-in-the-application-firewall)