1) Does citrix have its own event log catalogue entry in computer management > system tools > event viewer >
2) Or is a user logging in to that server via their citrix client on their desktop just logged in the normal windows logs, i.e. security? I.e. no special logs for cirtix, a login is classed the same regardless of remote/local/via citrix?
3) Is there a specific event ID for a login to a citrix server via whatever client they use?
4) Also I think we have 2 citrix environments based on departments, would these be 2 "farms", where can you see which servers are in which farm? I beleive the citrix servers run on top of server 2003 if that makes any difference.