Are there any special settings to enable on a citr...

mctester · ‎09-25-2012

We have set up UDP inputs for syslog data on splunk indexers. We have set up a load balancing pool on a citrix netscaler to forward data to splunk. We are getting messages in splunk from the devices, but they all say "UDP Data" and nothing else.

This is consistent for all devices we are trying to forward via the netscaler. I'm assuming it is a persistence setting or something on the netscaler, but am not sure. Data sent directly to splunk is actual syslog data, is indexed properly and is successfully in searches.

I realize that this is not necessarily an issue with Splunk but I'm hopeful that one of the many Admins out there has worked with these devices before and can provide some helpful advice.

thanks

lukeh · ‎04-27-2014

We were seeing the same problem with NetScaler NS9.2: Build 48.6.cl - however we discovered that sending the syslog events to Splunk via the internal interface on the Netscaler resulted in garbled events, however sending via the external interface resulted in sweet, sweet syslog love...

All the best,

Luke 🙂

sylvainc · ‎09-26-2012

Hi

I'm an SE at Citrix, specialist on NetScaler.
Could you post your NS config and a schema of what you want to do (clients, Vserver, servers)

Thanks in advance

regards

Sylvain

Are there any special settings to enable on a citrix netscaler device?

Splunk APM: New Product Features + Community Office Hours Recap!

Index This | Forward, I’m heavy; backward, I’m not. What am I?

A Guide To Cloud Migration Success