This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Can User-ID Agent Monitor a Citrix Farm security logs same like it can Exchange (API integration or future extension to the TSAgent?)

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Can User-ID Agent Monitor a Citrix Farm security logs same like it can Exchange (API integration or future extension to the TSAgent?)

ucteam
Not applicable

‎03-04-2012 11:44 PM

Is it possible for the UIA to monitor a Citrix farm/ cluster security logs in order to gather the user-to-ip mappings required for the firewall. Similar to how the UIA can monitor Exchange servers security logs for the same effect.

I'm NOT refering to the TS-Agent which is used to identify users within a network dekstop/ Terminal server session.

What I'm refering to is generating username-to-ip mappings for fat clients/ users physical dekstop which happen to all have installed the "pnagent" /"Citrix Online Plugin" etc.. as this client already runs at logon (and in the background constantly) and authenticates to the central Citrix Farm regardless if the user actually uses the Citrix services or not. The same affect could be achieved by configuring all users AD profiles to automatically start Outlook at logon and then using UIA to monitor the Exchange Sec logs, but it would be more seamless if could use the citrix agent/client which already exsits and performs the same auth events.

What I was aiming for was either

  • An integration via the API (perhaps forward the windows auth logs to central Syslog and then handle from there via the API)
  • Or that the current Exchange log monitoring system would also function on the Citrix server if the auth event Ids/ information where similar enough
  • Or an extension/ feature request for the TS-Agent to handle it.
0 Likes Likes
1 REPLY 1

rmonvon
L6 Presenter

‎03-05-2012 03:10 PM

Hi...The UserID agent can only detect logon events from the security logs of AD Domain Controllers and Exchange.  I don't believe it can detect Citrix logon events unless Citrix can write to AD security logs with the same event IDs.  Also, we would need Citrix client running on other network device like servers, Unix workstations, smart devices like iPad/iPhone and Andriod phones to catch users logging in via these devices.

As you have indicated, if all users would login to Exchange we certainly can generate username-to-ip mapping from there.  If you can export the Citrix logon event to syslog, then our API can be customized to look for logon events.

Thanks.

  • 2641 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks