All Apps and Add-ons

Are there any special settings to enable on a citrix netscaler device?

mctester
Communicator

We have set up UDP inputs for syslog data on splunk indexers. We have set up a load balancing pool on a citrix netscaler to forward data to splunk. We are getting messages in splunk from the devices, but they all say "UDP Data" and nothing else.

This is consistent for all devices we are trying to forward via the netscaler. I'm assuming it is a persistence setting or something on the netscaler, but am not sure. Data sent directly to splunk is actual syslog data, is indexed properly and is successfully in searches.

I realize that this is not necessarily an issue with Splunk but I'm hopeful that one of the many Admins out there has worked with these devices before and can provide some helpful advice.

thanks

Tags (1)

lukeh
Contributor

We were seeing the same problem with NetScaler NS9.2: Build 48.6.cl - however we discovered that sending the syslog events to Splunk via the internal interface on the Netscaler resulted in garbled events, however sending via the external interface resulted in sweet, sweet syslog love...

All the best,

Luke 🙂

0 Karma

sylvainc
Engager

Hi

I'm an SE at Citrix, specialist on NetScaler.
Could you post your NS config and a schema of what you want to do (clients, Vserver, servers)

Thanks in advance

regards

Sylvain

Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...