
Citrix ADC Netscaler syslog format?


resyrt erwtret


Hello 

 

I'm trying to send syslogs from a Citrix ADC Netscaler to a syslog server and while I receive it, I need to know the format in order to parse it.

 

Ideally, some kind of marker (like a comma for example) would make things MUCH easier but Citrix has decided to use spaces which is near IMPOSSIBLE to parse as you can have so many things with spaces in them and so many different types of logs.

 

I need to know what format is being sent so that I can at least ATTEMPT to create some kind of parse for it and store it correctly.

 

Thank you


Here are samples of the ADC syslog records that I parse with Kiwi:

 

LOGIN records
Oct  9 14:07:51 <local0.info> 10.102.39.165 10/09/2014:08:37:51 GMT ns_nike 0-PPE-0 : SSLVPN LOGIN 11590 0 : Context user1@10.10.10.1 - SessionId: 15- User user1 - Client_ip 10.252.x.x- Nat_ip "Mapped Ip" - Vserver 10.102.48.227:80 - Browser_type "CitrixReceiver Android VpnCapable" - SSLVPN_client_type Android - Group(s) "N/A"
 
Oct  9 14:31:11 <local0.info> 10.102.39.165 10/09/2014:09:01:11 GMT ns_nike 0-PPE-0 : SSLVPN LOGIN 11623 0 : Context user2@10.10.10.1 - SessionId: 17- User user1 - Client_ip 10.252.x.x - Nat_ip "Mapped Ip" - Vserver 10.102.48.227:80 - Browser_type "CitrixReceiver Android VpnCapable" - SSLVPN_client_type Clientless - Group(s) "N/A"
 
Oct  9 14:33:27 <local0.info> 10.102.39.165 10/09/2014:09:03:27 GMT ns_nike 0-PPE-0 : SSLVPN LOGIN 11648 0 : Context user3@10.10.10.1- SessionId: 18- User user1 - Client_ip 10.252.x.x Nat_ip "Mapped Ip" - Vserver 10.102.48.227:80 - Browser_type "CitrixReceiver Android VpnCapable" - SSLVPN_client_type ICA - Group(s) "N/A"
 
Oct  9 14:41:08 <local0.info> 10.102.39.165 10/09/2014:09:11:08 GMT ns_nike 0-PPE-0 : SSLVPN LOGIN 11689 0 : Context user4@10.10.10.1 - SessionId: 21- User user1 - Client_ip 10.252.x.x- Nat_ip "Mapped Ip" - Vserver 10.102.48.227:80 - Browser_type "WindowsNT WinNT Windows NT 6.3 Mozilla 5.0" - SSLVPN_client_type Agent - Group(s) "N/A"

 

LOGOUT record
Oct  9 14:44:08 <local0.info> 10.102.39.165 10/09/2014:09:14:08 GMT ns_nike 0-PPE-0 : SSLVPN LOGOUT 11696 0 : Context user1@10.10.10.1 sessionId: 21- User user1 - Client_ip 10.252.x.x - Nat_ip "Mapped Ip" - Vserver 10.102.48.227:80 - Start_time "10/09/2014:09:10:44 GMT" - End_time "10/09/2014:09:14:08 GMT" - Duration 00:03:24  - Http_resources_accessed 0 - NonHttp_services_accessed 0 - Total_TCP_connections 1 - Total_UDP_flows 0 - Total_policies_allowed 0 - Total_policies_denied 0 - Total_bytes_send 754 - Total_bytes_recv 172 - Total_compressedbytes_send 0 - Total_compressedbytes_recv 0 - Compression_ratio_send 0.00% - Compression_ratio_recv 0.00% - LogoutMethod "Explicit" - Group(s) "N/A"
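
A parser for the records shown above, as an added example that is not part of the original posts and is not Citrix or Kiwi code. The layout is inferred only from these samples, the group and field names are labels chosen here, and it assumes every value is either a single token or a double-quoted string.

```python
import re
from datetime import datetime, timezone

# Layout inferred from the sample records in this thread; group names are labels chosen here.
HEADER = re.compile(
    r'<(?P<facility>\w+)\.(?P<severity>\w+)>\s+(?P<source>\S+)\s+'
    r'(?P<ts>\d\d/\d\d/\d{4}:\d\d:\d\d:\d\d)\s+GMT\s+'
    r'(?P<host>\S+)\s+(?P<pe>\S+)\s+:\s+(?P<feature>\S+)\s+(?P<event>\S+)\s+'
    r'(?P<event_id>\d+)\s+(?P<aux>\d+)\s+:\s+(?P<body>.*)$')
TOKEN = re.compile(r'"[^"]*"|\S+')  # a quoted string is one token, spaces included

def parse_body(body):
    """Pair up 'Key value' tokens, tolerating missing or glued '-' separators."""
    tokens = [t if t.startswith('"') else t.rstrip('-') for t in TOKEN.findall(body)]
    tokens = [t for t in tokens if t]  # drops the bare '-' separators
    if len(tokens) % 2:
        # An unquoted value with a space would shift every later key: refuse, don't guess.
        raise ValueError("unpaired token in body")
    pairs = zip(tokens[0::2], tokens[1::2])
    return {k.rstrip(':').lower(): v.strip('"') for k, v in pairs}

def parse_record(line):
    m = HEADER.search(line)
    if m is None:
        raise ValueError("header does not match the sample layout")
    rec = m.groupdict()
    rec['ts'] = datetime.strptime(rec['ts'], '%m/%d/%Y:%H:%M:%S').replace(tzinfo=timezone.utc)
    rec['fields'] = parse_body(rec.pop('body'))
    return rec

# Constructed samples, shortened from the records above.
# The LOGIN line has no '-' before Nat_ip; the LOGOUT line has none before sessionId.
SAMPLES = [
    'Oct  9 14:33:27 <local0.info> 10.102.39.165 10/09/2014:09:03:27 GMT ns_nike 0-PPE-0 : '
    'SSLVPN LOGIN 11648 0 : Context user3@10.10.10.1- SessionId: 18- User user1 - '
    'Client_ip 10.252.x.x Nat_ip "Mapped Ip" - Browser_type "CitrixReceiver Android VpnCapable"',
    'Oct  9 14:44:08 <local0.info> 10.102.39.165 10/09/2014:09:14:08 GMT ns_nike 0-PPE-0 : '
    'SSLVPN LOGOUT 11696 0 : Context user1@10.10.10.1 sessionId: 21- User user1 - '
    'Start_time "10/09/2014:09:10:44 GMT" - Duration 00:03:24  - Total_bytes_send 754 - '
    'LogoutMethod "Explicit"',
]

if __name__ == '__main__':
    for sample in SAMPLES:
        print(parse_record(sample))
```

Keys are lower-cased because the samples spell the same field as both `SessionId` and `sessionId`.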
