Expiring Today—Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


Citrix NetScaler - possible to view client IP for a particular user?

Posted on 2016-07-26
Medium Priority
Last Modified: 2016-10-25
Client has a NetScaler VPX 200 (11.0 63.16.nc).

They have asked if it possible to provide them with the 'IP list for access 'user12345' for the month of July please ?'. They would like to know the IP addresses for a particular user's client devices as they believe there has been a security breach.

Is this possible?

Question by:Mark Galvin
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
LVL 24

Expert Comment

by:Dirk Kotte
ID: 41732520
dont know a logfile on the netscaler.
but at xenapp/xendesktop (if used) you can see endpoint-IP.
Within director / sessions you can see all endpoint-IP's used.
If you use rdius for authentication you should find endpoint IPs at the authentication log from radius server.
LVL 13

Author Comment

by:Mark Galvin
ID: 41732529
Using XenApp 6.5 so no Director app. Not using radius for auth. Using AD.
LVL 24

Expert Comment

by:Dirk Kotte
ID: 41732539
i check my logfiles (/var/log) at my NS.
there are different logs with enduser-ip.
- messages contains some informations about filed logons
- ns.log contains informations about successfull and failed logons (and many other data)

Jul 28 10:31:49 <local0.warn> 07/28/2016:08:31:49 GMT ns 0-PPE-0 : AAA LOGIN_FAILED 161160 0 :  User dirk - Client_ip - Failure_reason "External authentication server denied access" - Browser Mozilla/5.0 (Windows NT 10.0; WOW64; rv:47.0) Gecko/20100101 Firefox/47.0
Jul 28 10:36:44 <local0.info> 07/28/2016:08:36:44 GMT ns 0-PPE-0 : SSLVPN HTTPREQUEST 161244 0 : Context dirk@ - SessionId: 192- gateway.mydomain.de User dirk: Group(s) N/A : Vserver - 07/28/2016:08:36:44 GMT GET /Citrix/xxxxxxxXA6-5/endpoints/v1 - -

Open in new window

LVL 25

Accepted Solution

Coralon earned 2000 total points
ID: 41734008
A lot will depend on your AAA setup in the Netscaler..
If the Netscaler is the authentication point, then you should be able to look at the Netscaler logs and search for the user's login name.  (Get backups of those logs *immediately* before the accidentally get overwritten.

A simple findstr should pop up the list of entries from either the AAA or ns.log files.  
If you want to get fancy with powershell and RegEx, you can extract *just* the list of dates/times, the user name & the ip address.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Citrix XenDesktop, gold image, VMware, vSphere.
Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question