NetScaler VPN by Citrix allows you to gather information about user activity.
Before You Begin
You must configure and enable the syslog option on NetScaler so that InsightIDR can collect its logs. Read instructions here: https://support.citrix.com/article/CTX121728.
Create a backup of your configuration before changing NetScaler
In the NetScaler application, go to Configuration > System > Backup & Restore and enter your backup settings.
How to Configure This Event Source
- From your dashboard, select Data Collection on the left hand menu.
- When the Data Collection page appears, click the Setup Event Source dropdown and choose Add Event Source.
- From the “Security Data” section, click the VPN icon. The “Add Event Source” panel appears.
- Choose your collector and event source. You can also name your event source if you want.
- Choose the timezone that matches the location of your event source logs.
- Optionally choose to send unfiltered logs.
- Configure your default domain and any Advanced Event Source Settings.
- Select Listen for Syslog. Enter the port you used for your syslog or rsyslog configuration.
- Optionally choose to Encrypt the event source if choosing TCP by downloading the Rapid7 Certificate.
- Click Save.