Link to home
Start Free TrialLog in
Avatar of jnordeng
jnordeng

asked on

Where are logs stored that can be ingested into Splunk + XenApp 7.15?

I am nearly done setting up my non-production XenApp 7.15 CU5 environment.  (Prod is next) on Windows 2016.  In XenApp 6.5 we were able to follow a session via the Secure Gateway logs and the STA logs.  We ingested these in Splunk to be used for better troubleshooting.  In XenApp 7.15, with the new architecture, there is nothing to customize logging in the DC other than where the DB lives.  And I don't see where it is writing these logs, likely because it's all in the DB.  I also don't see any logs for Sessions as the STA's no longer really exist and are part of the DC>

So my question, where are the useful logs stored and am I able to get them dumped out to a file location automatically so I can dump into Splunk for troubleshooting?

Thanks in advance.
Avatar of Dirk Kotte
Dirk Kotte
Flag of Germany image

I use the windows eventlog at storefront and DDC.
Splunk provides an agent to send windows eventlogs as syslog ...

Avatar of jnordeng
jnordeng

ASKER

Awe, so the Event Logs within Windows?  Forgot about that, the new architecture has me having to think of where things are... all the time ;)  

Thanks
Are there any other useful logs or tips? I still don't see a lot around 'user' related events except bad credentials.I know I can run real-time via the Netscaler to see some of the users traffic, but this isn't stored in a log either.

Thanks
ASKER CERTIFIED SOLUTION
Avatar of Sam Jacobs
Sam Jacobs
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Looks like in reading there are some other options, we're looking into:  

https://www.splunk.com/en_us/blog/tips-and-tricks/getting-started-with-citrix-in-splunk-part-1.html
Which references some already built templates:
https://github.com/splunk/splunk-template-xendesktop-7/tree/master/add-ons

We haven't implemented just yet, but this looks to be the way we're leaning.

Thanks