Citrix Access Gateway

Configure Syslog on your Citrix Access Gateway to forward events to the QRadar® Console or Event Collector.

Procedure

  1. Log in to your Citrix Access Gateway web interface.
  2. Click the Access Gateway Cluster tab.
  3. Select Logging/Settings.
  4. In the Server field, type the IP address of your QRadar Console or Event Collector.
  5. From the Facility list, select a syslog facility level.
  6. In the Broadcast interval (mins), type 0 to continuously forward syslog events to QRadar.
  7. Click Submit to save your changes.

Results

The configuration is complete. The log source is added to QRadar as Citrix Access Gateway events are automatically discovered. Events that are forwarded to QRadar by Citrix Access Gateway are displayed on the Log Activity tab in QRadar.