The Windows Security log randomly omits login attempts to our Citrix server.
We run a a batch job that tracks user logins on our Citrix server (Windows 2008 Server OS) using the Auditlog.exe command:
AUDITLOG.EXE /WRITE:C:\CTXLOGON\CITRIXLOGON.LOG /AFTER:3/31/2011
After noticing some logins weren't logged, I checked the Security log via Event Viewer, and confirmed the user was not in the Security log. I watched this user login to the Citrix server and invoke Word, so I know a successful login attempt occurred. This seems to occur randomly.