In 2008 I had a conversation with Jay Tomlin asking him if he would put in an enhancement for ICA Logging on the AGEE. Basically we wanted the ability to see the external IP Addresses of our customers coming through the Access Gateway. As you are likely aware, what you get in the logs are the IP Addresses bound to the workstation and not the external IP Address that they are coming through. In the last ten years, it has become increasingly rare for an end user to actually plug their computer directly into the internet and more often, they are proxied behind a Netgear, Cisco/Linksys, and Buffalo switch. This makes reporting on where the users are coming from somewhat challenging.

Somewhere between 9.2 and 9.3 the requested enhancement was added and it included other very nice metrics as well. The two syslog events I want to talk about are ICASTART and ICAEND. The ICASTART event contains some good information in addition to the external IP. Below you see a sample of the ICASTART log.

```
:14:40:46 GMT ns 0-PPE-0 : SSLVPN ICASTART 540963 0 : Source 192.168.1.98:62362 – Destination 192.168.1.82:2598 – username:domainname mhayes:Xentrifuge – applicationName Desktop – startTime “:14:40:46 GMT” – connectionId 81d1
```

As you can see, if you are a log monger, this is a VERY nice log!! (Few can appreciate this.) With the exception of the credentials, everything is very easy to parse and place into those nice SQL Columns I like. If you have Splunk, parsing is even easier and you don’t have to worry about how the columns line up.

The ICAEND event actually has quite a bit more information and, were it not for the need to report ICA Sessions in real time, this is the only log you will need.

```
:14:41:12 GMT ns 0-PPE-0 : SSLVPN ICAEND_CONNSTAT 541032 0 : Source 192.168.1.98:62362 – Destination 192.168.1.82:2598 – username:domainname mhayes:Xentrifuge – startTime “:14:40:46 GMT” – endTime “:14:41:12 GMT” – Duration 00:00:26 – Total_bytes_send 9363 – Total_bytes_recv 587588 – Total_compressedbytes_send 0 – Total_compressedbytes_recv 0 – Compression_ratio_send 0.00% – Compression_ratio_recv 0.00% – connectionId 81d16
```

Again, another gorgeous log that is very easy to parse and put into some useful information.

So, this was going to be my inaugural Splunk blog but I didn’t get off my ass and so my eval of Splunk expired and I have to wait 30 days to use it again (file that under “phuck”). So today we will be going over logging the data with the standard KIWI/SQL (basically a poor man’s Splunk) method.
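
The parsing described above, as an added example that is not part of the original post: Python splits the ICASTART and ICAEND_CONNSTAT fields (including the `username:domainname` credentials pair), loads them into an in-memory SQLite table, and lists sessions that have started but not yet ended. The sample lines are constructed (placeholder date 01/01/2012, hypothetical second user `jdoe`), and pairing a start with its end on Source plus startTime is an assumption.

```python
import re
import sqlite3

# Constructed sample lines modelled on the post's two events. The date
# 01/01/2012 and the jdoe session are placeholders, not values from the post.
SAMPLE = [
    '01/01/2012:14:40:46 GMT ns 0-PPE-0 : SSLVPN ICASTART 540963 0 : Source 192.168.1.98:62362 - Destination 192.168.1.82:2598 - username:domainname mhayes:Xentrifuge - applicationName Desktop - startTime "01/01/2012:14:40:46 GMT" - connectionId 81d1',
    '01/01/2012:14:41:02 GMT ns 0-PPE-0 : SSLVPN ICASTART 540990 0 : Source 192.168.1.77:50111 - Destination 192.168.1.82:2598 - username:domainname jdoe:Xentrifuge - applicationName Desktop - startTime "01/01/2012:14:41:02 GMT" - connectionId 81d2',
    '01/01/2012:14:41:12 GMT ns 0-PPE-0 : SSLVPN ICAEND_CONNSTAT 541032 0 : Source 192.168.1.98:62362 – Destination 192.168.1.82:2598 – username:domainname mhayes:Xentrifuge – startTime “01/01/2012:14:40:46 GMT” – endTime “01/01/2012:14:41:12 GMT” – Duration 00:00:26 – Total_bytes_send 9363 – Total_bytes_recv 587588 – connectionId 81d1',
]

HEADER = re.compile(r'^(?P<logged>\S+ GMT) \S+ \S+ : SSLVPN '
                    r'(?P<event>ICASTART|ICAEND_CONNSTAT) \d+ \d+ : (?P<body>.*)$')

def parse(line):
    """Return a dict of fields for an ICASTART/ICAEND_CONNSTAT line, else None."""
    # Lines pasted through blog or mail software gain typographic dashes/quotes.
    line = line.translate(str.maketrans({'–': '-', '“': '"', '”': '"'}))
    m = HEADER.match(line.strip())
    if not m:
        return None
    row = {'event': m['event'], 'logged': m['logged']}
    for field in m['body'].split(' - '):
        key, _, value = field.strip().partition(' ')
        row[key] = value.strip('"')
    # Credentials are the odd field out: "username:domainname user:domain".
    user, _, domain = row.pop('username:domainname', ':').partition(':')
    row['username'], row['domain'] = user, domain
    row['source'] = row.pop('Source', '')
    row['src_ip'] = row['source'].rpartition(':')[0]
    return row

def active_sessions(lines):
    """Load events into SQLite; return sessions with a start but no end yet."""
    db = sqlite3.connect(':memory:')
    db.execute('CREATE TABLE ica (event, username, domain, src_ip, source, start_time, app)')
    for row in filter(None, map(parse, lines)):
        db.execute('INSERT INTO ica VALUES (?,?,?,?,?,?,?)',
                   (row['event'], row['username'], row['domain'], row['src_ip'],
                    row['source'], row.get('startTime'), row.get('applicationName')))
    # Assumption: Source (ip:port) plus startTime pairs a start with its end.
    return db.execute(
        "SELECT username, domain, src_ip, app FROM ica s WHERE s.event = 'ICASTART' "
        "AND NOT EXISTS (SELECT 1 FROM ica e WHERE e.event = 'ICAEND_CONNSTAT' "
        "AND e.source = s.source AND e.start_time = s.start_time)").fetchall()

if __name__ == '__main__':
    print(active_sessions(SAMPLE))
```

A field value that itself contains ` - ` (an application name, for instance) would be split early by this parser, so check real application names before relying on it.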