Hi,

I am running Splunk standalone 8.4.1 with Citrix add-on installed 8.2.3. Also, I have SC4S running version 3.31.0.

I configured Citrix to send syslog events to SC4S, and running a tcpdump in SC4S, I see those events arriving. According to the documentation, nothing else must be done at SC4S level.

https://splunk.github.io/splunk-connect-for-syslog/3.31.0/sources/vendor/Citrix/netscaler/

Unfortunately, I don't see any Citrix events in Splunk. I searched in index "netfw" and also filtered by sourcetype (sourcetype="citrix*" and index=*); in both cases, no events are in there.

Other events, from our firewall, are reaching Splunk without any issue via the same SC4S server. So I discarded network issues.

Any idea about what could be happening? Any SC4S logs that I could check?

Thanks a lot.