From 8c79f34287a1d3eabc5c9c5c161531ddf06cb532 Mon Sep 17 00:00:00 2001 From: Sebastien Quioc Date: Tue, 3 Oct 2023 09:22:11 +0200 Subject: [PATCH] fix(Citrix): improve documentation --- .../collect/integrations/network/citrix_adc.md | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/docs/xdr/features/collect/integrations/network/citrix_adc.md b/docs/xdr/features/collect/integrations/network/citrix_adc.md index 5d408cad5a..8e699d51a0 100644 --- a/docs/xdr/features/collect/integrations/network/citrix_adc.md +++ b/docs/xdr/features/collect/integrations/network/citrix_adc.md @@ -21,12 +21,20 @@ Citrix ADC (formely Citrix NetScaler) is a delivery controller and load-balancin - Have a NSLog server with the syslog protocol - Have an auditing module which runs on the NetScaler appliance. -### Enable syslog +### Forward audit logs -follow this [guide](https://docs.netscaler.com/en-us/citrix-adc/current-release/system/audit-logging/configuring-audit-logging.html) to enable syslog forwarding. +Follow this [guide](https://docs.netscaler.com/en-us/citrix-adc/current-release/system/audit-logging/configuring-audit-logging.html) to enable syslog forwarding for audit logs. **IMPORTANT:** please make sure `-dateFormat MMDDYYYY` is set and date is present in logs +### Forward Application Firewall logs + +To enable application firewall logs forwarding, see this [guide](https://support.citrix.com/article/CTX138973/how-to-send-application-firewall-messages-to-a-separate-syslog-server) and apply the following command to convert Application Firewall logs into CEF events: + +``` +set appfw settings CEFLogging on +``` + ### Create an intake Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a new intake from the format Citrix ADC. 
@@ -34,3 +42,9 @@ Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a n ### Forward logs to Sekoia.io Please consult the [Syslog Forwarding](../../../ingestion_methods/sekoiaio_forwarder/) documentation to forward these logs to Sekoia.io. + +## Further readings + +- [Audit log forwarding](https://docs.netscaler.com/en-us/citrix-adc/current-release/system/audit-logging/configuring-audit-logging.html) +- [Application firewall forwarding](https://support.citrix.com/article/CTX138973/how-to-send-application-firewall-messages-to-a-separate-syslog-server) +- [CEF format](https://support.citrix.com/article/CTX136146/common-event-format-cef-logging-support-in-the-application-firewall)
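Review bot: In the first hunk, the new "Forward Application Firewall logs" section gives `set appfw settings CEFLogging on` without saying where the command is entered, and without saying whether the `-dateFormat MMDDYYYY` requirement from the IMPORTANT note just above also applies to the syslog action that carries the Application Firewall messages. A reader who follows only the new section could end up forwarding CEF events without a date, so either repeat the requirement there or move the IMPORTANT note so it clearly covers both sections. The added code fence also has no language tag. Separately, renaming the heading from "Enable syslog" to "Forward audit logs" changes its generated anchor, so check for inbound links to the old anchor. The context line still reads "formely", which could be corrected in the same documentation pass.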
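Review bot: In the second hunk, the "CEF format" link appears only in the new "Further readings" list, although the step that needs it is the `set appfw settings CEFLogging on` instruction added in the first hunk. Link it inline there as well. The other two entries repeat URLs already linked from the "Forward audit logs" and "Forward Application Firewall logs" sections, so the list adds only that one reference. The heading is added at `##` while the headings visible in this diff (`### Create an intake`, `### Forward logs to Sekoia.io`) are `###`. Confirm that this level matches the rest of the page, and consider "Further reading" (singular) as the usual title.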