network.citrix

[ 1 Introduction ] [ 2 Valid tags and data tables ] [ 3 How is the data sent to Devo? ]

Introduction

The tags beginning with network.citrix identify events generated by Citrix (formally known as Citrix NetScaler)

Valid tags and data tables

The full tag must have 4 levels. The first two are fixed as network.citrix. The third level identifies the type of events sent, and the fourth level indicates the event subtype.

Technology	Brand	Type	Subtype

Technology

Brand

Type

Subtype

network

citrix

adc

aaa
aaatm
api
cli
event
gui
ica
snmp
ssllog
sslvpn
tcp
other

netscaler

snmp

These are the valid tags and corresponding data tables that will receive the parsers' data:

Tag	Devo table

Tag	Devo table
network.citrix.adc.aaa	network.citrix.adc.aaa
network.citrix.adc.aaatm	network.citrix.adc.aaatm
network.citrix.adc.api	network.citrix.adc.api
network.citrix.adc.cli	network.citrix.adc.cli
network.citrix.adc.event	network.citrix.adc.event
network.citrix.adc.gui	network.citrix.adc.gui
network.citrix.adc.ica	network.citrix.adc.ica
network.citrix.adc.snmp	network.citrix.adc.snmp
network.citrix.adc.ssllog	network.citrix.adc.ssllog
network.citrix.adc.sslvpn	network.citrix.adc.sslvpn
network.citrix.adc.tcp	network.citrix.adc.tcp
network.citrix.adc.other **	network.citrix.adc.other
network.citrix.netscaler.snmp	network.citrix.netscaler.snmp

** For any other network.citrix.adc logs, use network.citrix.adc.other table.

How is the data sent to Devo?

Logs generated by Cisco must be sent to the Devo platform via the Devo Relay to secure communication. See the required relay rule below:

Source Port → Set as required
Source data → default (\S+)
Target tag → network.citrix.adc.\\d1
Target message → \\d0