NetScaler VPN by Citrix allows you to gather information about user activity.
Before You Begin
You must configure and enable the syslog option on NetScaler so that InsightIDR can collect its logs. Read instructions here: https://support.citrix.com/article/CTX121728.
Create a backup of your configuration before changing NetScaler
In the NetScaler application, go to Configuration > System > Backup & Restore and enter your backup settings.
Configure InsightIDR to collect data from the event source
After you complete the prerequisite steps and configure the event source to send data, you must add the event source in InsightIDR.
To configure the new event source in InsightIDR:
- From the left menu, go to Data Collection and click Setup Event Source > Add Event Source.
- Do one of the following:
- Search for NetScaler VPN in the event sources search bar.
- In the Product Type filter, select VPN.
- Select the NetScaler VPN event source tile.
- Choose your collector and event source. You can also name your event source if you want.
- Choose the timezone that matches the location of your event source logs.
- Optionally choose to send unparsed logs.
- Configure your default domain and any Advanced Event Source Settings.
- Select Listen on Network Port. Enter the port you used for your syslog or rsyslog configuration.
- Optionally choose to Encrypt the event source if choosing TCP by downloading the Rapid7 Certificate.
- Click Save.