Splunk add on for Citrix Netscaler

hectorvp · ‎09-07-2020

Do I need dedicated syslog server to get syslog messages and then forward it using Universal Forwarder??Considering I've installed on Splunk add on for Netscaler over a HF. If this is to be then what is significance of having add on over UF.

OR

Can I directly listen on heavy forwarder over a port 514 to get messages.Considering I've installed on Splunk add on for Netscaler over a HF.

Can I manage any configuration regarding this add on using Deployment Server?? Like managing which inputs to be monitored and all.

PS: I'm new with Netscaler

splunkcol · ‎09-07-2020

I have a heavy forwarder which receives netscaler logs through syslog using port 514

then with inputs and outputs I forward the information to the indexers.

those apps are sometimes a headache about the configuration

hectorvp · ‎09-07-2020

I've two netscaler appliances and don't have knowledge yet how heavily those would generate logs.

Is it ok if I go with 2nd option, to listen directly over HF for syslog messages and having splunk add on in place? Will this work fine...?

Or should I get another server as a syslog server and having UF over it. Would I need this add on anymore on this dedicated syslog server.

PS: Having dedicated syslog server would increase costing and maintenance as well.

Splunk add on for Citrix Netscaler

inputs.conf

syslog

universal forwarder

Federated Search for Amazon S3 | Key Use Cases to Streamline Compliance Workflows

New Dates, New City: Save the Date for .conf25!

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud