Solved

Citrix NetScaler - possible to view client IP for a particular user?

Posted on 2016-07-26
Last Modified: 2016-10-25
Client has a NetScaler VPX 200 (11.0 63.16.nc).

They have asked if it is possible to provide them with the 'IP list for access 'user12345' for the month of July please?'. They would like to know the IP addresses for a particular user's client devices as they believe there has been a security breach.

Is this possible?

Thanks
Mark
Question by:Mark Galvin

Expert Comment

by:Dirk Kotte
ID: 41732520
I don't know of a log file on the NetScaler,
but in XenApp/XenDesktop (if used) you can see the endpoint IP.
Within Director / Sessions you can see all endpoint IPs used.
If you use RADIUS for authentication, you should find the endpoint IPs in the authentication log of the RADIUS server.

Author Comment

by:Mark Galvin
ID: 41732529
Using XenApp 6.5 so no Director app. Not using radius for auth. Using AD.

Expert Comment

by:Dirk Kotte
ID: 41732539
I checked my log files (/var/log) on my NS.
There are different logs with the end-user IP.
- messages contains some information about failed logons
- ns.log contains information about successful and failed logons (and much other data)

Jul 28 10:31:49 <local0.warn> 1.1.1.1 07/28/2016:08:31:49 GMT ns 0-PPE-0 : AAA LOGIN_FAILED 161160 0 :  User dirk - Client_ip 2.2.2.2 - Failure_reason "External authentication server denied access" - Browser Mozilla/5.0 (Windows NT 10.0; WOW64; rv:47.0) Gecko/20100101 Firefox/47.0
Jul 28 10:36:44 <local0.info> 1.1.1.1 07/28/2016:08:36:44 GMT ns 0-PPE-0 : SSLVPN HTTPREQUEST 161244 0 : Context dirk@2.2.2.2 - SessionId: 192- gateway.mydomain.de User dirk: Group(s) N/A : Vserver 1.1.1.2:443 - 07/28/2016:08:36:44 GMT GET /Citrix/xxxxxxxXA6-5/endpoints/v1 - -


Accepted Solution

by:Coralon
ID: 41734008
A lot will depend on your AAA setup in the NetScaler.
If the NetScaler is the authentication point, then you should be able to look at the NetScaler logs and search for the user's login name. (Get backups of those logs *immediately* before they accidentally get overwritten.)

A simple findstr should pop up the list of entries from either the AAA or ns.log files.  
If you want to get fancy with powershell and RegEx, you can extract *just* the list of dates/times, the user name & the ip address.

Coralon
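
The PowerShell and RegEx extraction mentioned in the accepted answer, as an added example that is not part of the original thread. The function and parameter names are hypothetical, the patterns cover only the two ns.log message shapes quoted above, and the third sample line is constructed.

```powershell
# Added example. Function/parameter names are hypothetical; the patterns cover
# only the two ns.log message shapes quoted in this thread.
function Get-NsUserClientIp {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] [AllowEmptyString()] [string] $Line,
        [Parameter(Mandatory)] [string] $User
    )
    begin {
        $u = [regex]::Escape($User)   # user names may contain regex metacharacters
        # GMT timestamp, then "<feature> <event> <n> <n> :" ahead of the message body
        $head = '(?<ts>\d{2}/\d{2}/\d{4}:\d{2}:\d{2}:\d{2}) GMT \S+ \S+ : (?<ev>\S+ \S+) \d+ \d+ :'
        # "User dirk - Client_ip 2.2.2.2"  or  "Context dirk@2.2.2.2"
        $body = '(?:\bUser ' + $u + ' - Client_ip |\bContext ' + $u + '@)(?<ip>[0-9A-Fa-f.:]+)'
        $rx = [regex]('(?i)' + $head + '.*?' + $body)
    }
    process {
        $m = $rx.Match($Line)
        if (-not $m.Success) { return }   # other users, other events, blank lines
        [pscustomobject]@{
            TimeGmt  = [datetime]::ParseExact($m.Groups['ts'].Value, 'MM/dd/yyyy:HH:mm:ss',
                           [cultureinfo]::InvariantCulture)
            Event    = $m.Groups['ev'].Value
            User     = $User
            ClientIp = $m.Groups['ip'].Value
        }
    }
}

# First two lines are the ones quoted in this thread; the third is constructed
# (different user) to show that it is filtered out.
$sample = @(
    'Jul 28 10:31:49 <local0.warn> 1.1.1.1 07/28/2016:08:31:49 GMT ns 0-PPE-0 : AAA LOGIN_FAILED 161160 0 :  User dirk - Client_ip 2.2.2.2 - Failure_reason "External authentication server denied access" - Browser Mozilla/5.0',
    'Jul 28 10:36:44 <local0.info> 1.1.1.1 07/28/2016:08:36:44 GMT ns 0-PPE-0 : SSLVPN HTTPREQUEST 161244 0 : Context dirk@2.2.2.2 - SessionId: 192- gateway.mydomain.de User dirk: Group(s) N/A : Vserver 1.1.1.2:443 - 07/28/2016:08:36:44 GMT GET /Citrix/xxxxxxxXA6-5/endpoints/v1 - -',
    'Jul 28 10:40:02 <local0.warn> 1.1.1.1 07/28/2016:08:40:02 GMT ns 0-PPE-0 : AAA LOGIN_FAILED 161300 0 :  User mark - Client_ip 3.3.3.3 - Failure_reason "External authentication server denied access" - Browser Mozilla/5.0'
)

# One row per client IP: how often it appears and when it was first/last seen
$sample | Get-NsUserClientIp -User 'dirk' | Group-Object ClientIp | ForEach-Object {
    $t = @($_.Group.TimeGmt | Sort-Object)
    [pscustomobject]@{ ClientIp = $_.Name; Hits = $_.Count; FirstGmt = $t[0]; LastGmt = $t[-1] }
}
```

For real data, pipe a backed-up copy of the log in place of `$sample`, for example `Get-Content .\ns.log | Get-NsUserClientIp -User 'user12345'`. The times reported are taken from the GMT field inside each message, not the syslog prefix.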