This VPN product from Citrix allows you to gather information about user activity.
Before You Begin
Make sure you configure the syslog option on Netscaler so that InsightOps can collect its logs. Instructions on how to do so can be found here.
Additionally, make sure to create a backup of the NetScaler configurations before implementing them. To do this in the NetScaler application, go to Configuration > System > Backup & Restore and enter your backup settings.
Once the configuration is complete in NetScaler, you can complete setup within InsightOps.
How to Configure This Event Source
- From your dashboard, select Data Collection on the left hand menu
- At the top right of the page, select Add Data
- Select the VPN icon from the Security Data section
- Select your collector, and optionally name your event source
- From the list of event source options, choose NetScaler VPN
- Choose a timezone, or optionally choose a US timezone
- Optionally choose to send unfiltered logs
- Configure any Advanced Event Source Settings.
- Select either Listen for Syslog or Log Aggregator; both require that you specify a port and a protocol. Optionally choose to Encrypt the event source if choosing TCP
- Select the button "Download Certificate" which will download Rapid7's certificate. This file will be called
Rapid7CA.pemand will allow InsightOps and NetScaler VPN to "trust" each other during log forwarding.
Advanced Event Source Settings
Inactivity Timeout Threshold: specify in minutes how long the event source should be inactive before it enters an error state. Fallback Domain(s): If you have event sources running in a multi-domain environment, Rapid7 recommends having a fallback domain in order to resolve any issues with user accounts.
For instance, if your company is the US and in Canada, but both locations have a user named "John Smith" and your main domain is
company.com, your fallback domain could be
company.ca, which would allow InsightOps to more accurately attribute data to the correct user.