Solved: Best practice to integrate Citrix mcs to Splunk

dantimola · ‎10-04-2017

Hi, Splunkers,

Can someone suggest what is the best practice to integrate Citrix mcs to Splunk? Our case is, we can't install splunk universal forwarder on the citrix servers because the server is frequently rebooting, once rebooted, the server will start to its original state meaning all installed app, configuration changes will be removed (just like deep freeze). Thanks.

Cheers,
Dan

jconger · ‎10-05-2017

You have a couple of options:

Option 1 - make the universal forwarder part of your base image -> https://docs.splunk.com/Documentation/Splunk/latest/Admin/Integrateauniversalforwarderontoasystemima...
Option 2 - several things can be collected remotely. For instance, you can forward Windows events to a different server that is not provisioned via MCS. Then, run the forwarder there. This option is somewhat limited depending on what you want to do. Most installations I've seen using PVS or MCS go with Option 1.

View solution in original post

jconger · ‎10-05-2017

You have a couple of options:

Option 1 - make the universal forwarder part of your base image -> https://docs.splunk.com/Documentation/Splunk/latest/Admin/Integrateauniversalforwarderontoasystemima...
Option 2 - several things can be collected remotely. For instance, you can forward Windows events to a different server that is not provisioned via MCS. Then, run the forwarder there. This option is somewhat limited depending on what you want to do. Most installations I've seen using PVS or MCS go with Option 1.

dantimola · ‎10-06-2017

Is there any deployment application out there for Citrix MCS?

Best practice to integrate Citrix mcs to Splunk

Build Scalable Security While Moving to Cloud - Guide From Clayton Homes

Mission Control | Explore the latest release of Splunk Mission Control (2.3)

Cloud Platform | Migrating your Splunk Cloud deployment to Python 3.7