Skip to content

Citrix Netscaler Web Logs



Citrix Netscaler Web Logs are generated by Citrix ADC, which is "..the most comprehensive application delivery and load balancing solution for small and medium-size businesses. Which means you can deliver a better user experience, on any device—anywhere."

Product Details

Vendor URL: Citrix ADC

Product Type: Web Proxy

Product Tier: Tier II

Integration Method: Syslog

Log Guide: Configuring Web Logs

Parser Details

Log Format: W3C

Expected Normalization Rate: near 100%


UDM Fields (list of all UDM fields leveraged in the Parser):

Log File Field UDM Field
"Citrix Netscaler Web" metadata.product_name
"Citrix" metadata.vendor_name
"NETWORK_CONNECTION" metadata.event_type
bytes_received network.received_bytes
bytes_sent network.sent_bytes
local_ip target.ip
local_port target.port
method network.http.method
referer network.http.referral_url
remote_ip principal.ip
status network.http.response_code
url_path_requested target.url
user_agent "network.http.user_agent

Product Event Types

Event UDM Event Classification

Log Samples

2021-11-19 13:31:56 - HTTP 443 POST /autodiscover/autodiscover.xml - 200 818 1033 0 HTTP/1.1 "AppleExchangeWebServices/818.0.1 accountsd/113" "X-BackEndCookie=S-1-5-21-redacted" "-" "-" 0 10434 - -�

Sample Parsing

metadata.event_timestamp = "2021-11-19T17:21:34Z"
metadata.event_type = "NETWORK_CONNECTION"
metadata.vendor_name = "Citrix"
metadata.product_name = "Citrix Netscaler Web"
principal.ip = ""
principal.asset.ip = ""
target.ip = ""
target.port = 443
target.url = "/autodiscover/autodiscover.xml"
target.asset.ip = ""
network.sent_bytes = "1033"
network.received_bytes = "818"
network.http.method = "POST"
network.http.referral_url = "-"
network.http.user_agent = "AppleExchangeWebServices/818.0.1 accountsd/113"
network.http.response_code = 200

Parser Alerting

This product currently does not have any Parser-based Alerting


Coming Soon