Device Integration: Citrix NetScaler




Complete. Simple. Affordable Copyright 2014 AlienVault. All rights reserved.

AlienVault, AlienVault Unified Security Management, AlienVault USM, AlienVault Open Threat Exchange, AlienVault OTX, Open Threat Exchange, AlienVault OTX Reputation Monitor, AlienVault OTX Reputation Monitor Alert, AlienVault OSSIM and OSSIM are trademarks or service marks of AlienVault.

CONTENTS

1. INTRODUCTION
2. CITRIX NETSCALER INFORMATION
3. CONFIGURING CITRIX NETSCALER TO SEND LOG DATA TO ALIENVAULT
4. CONFIGURING ALIENVAULT TO RECEIVE LOGS FROM CITRIX NETSCALER
5. CONFIGURING LOG FILE EXPIRATION
6. HOW TO ENABLE THIS PLUGIN

DC-00122 Edition 01

1. INTRODUCTION

The objective of this document is to explain how to configure a Citrix NetScaler device to send log data to AlienVault USM.

This document is related to the AlienVault document Data Source Plugin Management. The explanation about how to enable plugins can be found in that document.

2. CITRIX NETSCALER INFORMATION

Device Name:       NetScaler
Device Vendor:     Citrix
Device Type:       Load Balancer
Data Source Name:  citrix-netscaler
Connection Type:   syslog
Data Source ID:    1678

3. CONFIGURING CITRIX NETSCALER TO SEND LOG DATA TO ALIENVAULT

Citrix NetScaler must be configured to send log data to an AlienVault Sensor over the Syslog protocol.

1. Log on to the Citrix NetScaler web console with administrator credentials.
2. From the top menu, click Configuration.
3. In the System Configuration window, select a configuration utility.
4. In the navigation panel, expand the System folder.
5. Click the Auditing folder.
6. In the Settings section of the Auditing window, click Change global auditing settings.
7. In the Configure Auditing Parameters window, complete the fields as follows:

Field           Action
Auditing Type   From the drop-down list, select SYSLOG
IP Address      Enter the IP address of an AlienVault Sensor.
Port            Type 514
Log Levels      Select All
Log Facility    Select the appropriate log facility from the drop-down list
Date Format     Select MMDDYYYY
Time Zone       Select GMT
TCP Logging     Select TCP Logging
ACL Logging     Select ACL Logging

8. Above the top menu, click Save.
9. Click Yes to save configuration settings.

4. CONFIGURING ALIENVAULT TO RECEIVE LOGS FROM CITRIX NETSCALER

Devices that send log data via Syslog require configuration of the Syslog service to process those incoming logs into a unique file destination.

1. Open the console on the AlienVault Appliance, or log in over Secure Shell (SSH) as the root user.
2. Select and accept the Jailbreak this Appliance option to gain command line access.
3. Create a new configuration file to save incoming logs:

    nano -w /etc/rsyslog.d/citrix-netscaler.conf

4. Add the following line to the file, one for each Citrix NetScaler device you are sending logs from:

    if ($fromhost-ip == 'IP_Address') then /var/log/citrix-netscaler.log

   IP_Address refers to the Citrix NetScaler IP address.

5. End the file with this line:

    & ~

6. Press Ctrl+W to save the file and Ctrl+X to exit the editor.
7. Restart the Syslog Collector:

    /etc/init.d/rsyslog restart

5. CONFIGURING LOG FILE EXPIRATION

Incoming logs will be processed by the Sensor and passed on to the SIEM Service. Keeping the raw log files on the sensor for more than a few days is unnecessary, and they should be purged to maintain adequate free filesystem capacity.

1. Create a new log rotation configuration file:

    nano -w /etc/logrotate.d/citrix-netscaler

2. Add the following content to the file:

    /var/log/citrix-netscaler.log {
        # save 4 days of logs
        rotate 4
        # rotate files daily
        daily
        missingok
        notifempty
        compress
        delaycompress
        sharedscripts
        postrotate
            invoke-rc.d rsyslog reload > /dev/null
        endscript
    }
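For section 4 with more than one NetScaler device, the following added example (not part of the AlienVault document) generates the rsyslog file content from a list of source addresses, rejecting anything that is not a plain IPv4 address. The function names and the sample addresses are assumptions made for illustration; the example repeats the discard line after every filter, because "& ~" applies only to the filter directly above it.

```shell
#!/bin/sh
# Added example: build /etc/rsyslog.d/citrix-netscaler.conf content for several
# NetScaler source addresses. Function names and addresses are illustrative.

LOG_FILE=/var/log/citrix-netscaler.log   # destination file named in section 4

# Return 0 only for a dotted-quad IPv4 address with each octet in 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray characters, empty octets
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                  # split on dots into $1..$n
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*) return 1 ;; esac # "010" never equals $fromhost-ip text
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print one filter per device. The discard action "& ~" binds to the filter
# directly above it, so it follows every rule; otherwise only the last
# device's messages would be kept out of the sensor's other log files.
netscaler_rsyslog_conf() {
    [ "$#" -gt 0 ] || { echo "usage: netscaler_rsyslog_conf IP..." >&2; return 2; }
    for ip in "$@"; do
        valid_ipv4 "$ip" || { echo "rejected source address: $ip" >&2; return 1; }
    done
    for ip in "$@"; do
        printf "if (\$fromhost-ip == '%s') then %s\n& ~\n" "$ip" "$LOG_FILE"
    done
}

# Constructed sample addresses from the documentation range 192.0.2.0/24.
netscaler_rsyslog_conf 192.0.2.10 192.0.2.11
```

Redirect the output to /etc/rsyslog.d/citrix-netscaler.conf and run rsyslogd -N1 to check the configuration syntax before restarting rsyslog.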

6. HOW TO ENABLE THIS PLUGIN

This plugin is already configured, but it is necessary to enable it, either through the console or through the web interface. The instructions about how to enable this plugin can be found in the AlienVault document Data Source Plugin Management.