Scribd Logo
Upload

Welcome to Scribd!

  • Alien Vault Device Integration Citrix NetScaler

    Uploaded by

    BrittAdams
    228 views7 pages
    Alien Vault Device integration guide for configuring logging from Citrix NetScaler

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    Alien Vault Device integration guide for configuring logging from Citrix NetScaler

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    228 views7 pages

    Alien Vault Device Integration Citrix NetScaler

    Uploaded by

    BrittAdams
    Alien Vault Device integration guide for configuring logging from Citrix NetScaler

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 7

    AlienVault Unified Security Management Solution

    Complete. Simple. Affordable

    Device Integration: Citrix NetScaler

    Copyright 2014 AlienVault. All rights reserved.

    AlienVault, AlienVault Unified Security Management, AlienVault USM, AlienVault Open Threat Exchange, AlienVault OTX, Open Threat Exchange, AlienVault OTX Reputation
    Monitor, AlienVault OTX Reputation Monitor Alert, AlienVault OSSIM and OSSIM are trademarks or service marks of AlienVault.

    AlienVault Unified Security Management Solution


    Device Integration: Citrix NetScaler

    CONTENTS
    1.

    INTRODUCTION ..................................................................................................... 4

    2.

    CITRIX NETSCALER INFORMATION ................................................................... 4

    3.

    CONFIGURING CITRIX NETSCALER TO SEND LOG DATA TO


    ALIENVAULT ......................................................................................................... 4

    4.

    CONFIGURING ALIENVAULT TO RECEIVE LOGS FROM CITRIX


    NETSCALER .......................................................................................................... 5

    5.

    CONFIGURING LOG FILE EXPIRATION .............................................................. 6

    6.

    HOW TO ENABLE THIS PLUGIN .......................................................................... 7

    DC-00122

    Edition 01

    Copyright 2014 AlienVault. All rights reserved.

    Page 3 of 7

    AlienVault Unified Security Management Solution


    Device Integration: Citrix NetScaler

    1.

    INTRODUCTION
    The objective of this document is to explain how to configure a Citrix NetScaler device to send
    log data to AlienVault USM.
    This document is related to the AlienVault document Data Source Plugin Management. The
    explanation about how to enable plugins can be found in that document.

    2.

    3.

    CITRIX NETSCALER INFORMATION


    Device Name

    NetScaler

    Device Vendor

    Citrix

    Device Type

    Load Balancer

    Data Source Name

    citrix-netscaler

    Connection Type

    syslog

    Data Source ID

    1678

    CONFIGURING CITRIX NETSCALER TO SEND LOG DATA TO


    ALIENVAULT
    Citrix NetScaler must be configured to send log data to an AlienVault Sensor over the Syslog
    protocol.

    DC-00122

    1.

    Log on to the Citrix NetScaler web console with administrator credentials.

    2.

    From the top menu, click Configuration.

    3.

    In the System Configuration window, select a configuration utility.

    4.

    In the navigation panel, expand the System folder.

    5.

    Click the Auditing folder.

    6.

    In the Settings section of the Auditing window, click Change global auditing settings.

    7.

    In the Configure Auditing Parameters window, complete the fields as follows:

    Edition 01

    Copyright 2014 AlienVault. All rights reserved.

    Page 4 of 7

    AlienVault Unified Security Management Solution


    Device Integration: Citrix NetScaler

    4.

    Field

    Action

    Auditing Type

    From the drop-down list, select SYSLOG

    IP Address

    Enter the IP address of an AlienVault Sensor.

    Port

    Type 514

    Log Levels

    Select All

    Log Facility

    Select the appropriate log facility fro the drop-down list

    Date Format

    Select MMDDYYY

    Time Zone

    Select GMT

    TCP Logging

    Select TCP Logging

    ACL Logging

    Select ALC Logging

    8.

    Above the top menu, click Save.

    9.

    Click Yes to save configuration settings.

    CONFIGURING ALIENVAULT TO RECEIVE LOGS FROM CITRIX


    NETSCALER
    Devices that send log data via Syslog require configuration of the Syslog service to process
    those incoming logs into a unique file destination.
    1.

    Open the console on the AlienVault Appliance, or log in over Secure Shell (SSH) as the
    root user.

    2.

    Select and accept the Jailbreak this Appliance option to gain command line access.

    3.

    Create a new configuration file to save incoming logs:

    nano w /etc/rsyslog.d/citrix-netscaler.conf

    4.

    Add the following line to the file, one for each Citrix NetScaler device you are sending logs
    from:

    if ($fromhost-ip == IP_Address) then /var/log/citrix-netscaler.log

    IP_Address refers to the Citrix NetScaler IP Address.

    DC-00122

    Edition 01

    Copyright 2014 AlienVault. All rights reserved.

    Page 5 of 7

    AlienVault Unified Security Management Solution


    Device Integration: Citrix NetScaler

    5.

    End the file with this line:

    & ~

    6.

    Press Crtl+W to save the file and Ctrl+X to exit the editor.

    7.

    Restart the Syslog Collector:

    /etc/init.d/rsyslog restart

    5.

    CONFIGURING LOG FILE EXPIRATION


    Incoming logs will be processed by the Sensor and passed on to the SIEM Service. Keeping
    the raw log files on the sensor for more than a few days is unnecessary and they should be
    purged to maintain adequate free filesystem capacity.
    1.

    Create a new log rotation configuration file.

    nano w /etc/logrotate.d/citrix-netscaler

    2.

    Add the follows content to the file:

    /var/log/citrix-netscaler.log
    {
    rotate 4 # save 4 days of logs
    daily # rotate files daily
    missingok
    notifempty
    compress
    delaycompress
    sharedscripts
    postrotate
    invoke-rc.d rsyslog reload > /dev/null
    endscript
    }

    DC-00122

    Edition 01

    Copyright 2014 AlienVault. All rights reserved.

    Page 6 of 7

    AlienVault Unified Security Management Solution


    Device Integration: Citrix NetScaler

    6.

    HOW TO ENABLE THIS PLUGIN


    This plugin is already configured, but it is necessary to enable it, through console or through
    the web interface. The instructions about how to enable this plugin can be found in the
    AlienVault document Data Source Plugin Management.

    DC-00122

    Edition 01

    Copyright 2014 AlienVault. All rights reserved.

    Page 7 of 7

    You might also like