Avatar of jnordeng
jnordeng
 asked on

Where are logs stored that can be ingested into Splunk + XenApp 7.15?

I am nearly done setting up my non-production XenApp 7.15 CU5 environment.  (Prod is next) on Windows 2016.  In XenApp 6.5 we were able to follow a session via the Secure Gateway logs and the STA logs.  We ingested these in Splunk to be used for better troubleshooting.  In XenApp 7.15, with the new architecture, there is nothing to customize logging in the DC other than where the DB lives.  And I don't see where it is writing these logs, likely because it's all in the DB.  I also don't see any logs for Sessions as the STA's no longer really exist and are part of the DC>

So my question, where are the useful logs stored and am I able to get them dumped out to a file location automatically so I can dump into Splunk for troubleshooting?

Thanks in advance.
Citrix* XenApp

Avatar of undefined
Last Comment
jnordeng

8/22/2022 - Mon
Dirk Kotte

I use the windows eventlog at storefront and DDC.
Splunk provides an agent to send windows eventlogs as syslog ...

jnordeng

ASKER
Awe, so the Event Logs within Windows?  Forgot about that, the new architecture has me having to think of where things are... all the time ;)  

Thanks
jnordeng

ASKER
Are there any other useful logs or tips? I still don't see a lot around 'user' related events except bad credentials.I know I can run real-time via the Netscaler to see some of the users traffic, but this isn't stored in a log either.

Thanks
This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.
rwheeler23
ASKER CERTIFIED SOLUTION
Sam Jacobs

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
jnordeng

ASKER
Looks like in reading there are some other options, we're looking into:  

https://www.splunk.com/en_us/blog/tips-and-tricks/getting-started-with-citrix-in-splunk-part-1.html
Which references some already built templates:
https://github.com/splunk/splunk-template-xendesktop-7/tree/master/add-ons

We haven't implemented just yet, but this looks to be the way we're leaning.

Thanks