Our Integration guide was accurate at the time of writing but vendors change things frequently! If you find errors or anything is outdated, let us know by raising a request in the Samurai MDR application and we shall get it updated.
| Product | Samurai [Local] Collector | Samurai [Cloud] Collector |
|---|---|---|
| Citrix Netscaler |  |
This guide describes the steps required to configure Citrix Netscaler to send logs to a Samurai Local Collector deployed on your network. Citrix Netscaler requires access to the Local Collector via syslog on port 514/UDP.
To complete this Integration you will need to:
1) From your Citrix Netscaler Appliance :
Follow the steps outlined within the Citrix documentation:
Use the following parameters when completing the steps:
| Field Name | Parameter |
|---|---|
| Auditing Type | SYSLOG |
| Name | Whatever you want, however we suggest NTT_syslog_action |
| ServerIP | IP address of your Samurai Collector |
| serverPort | 514 |
| logLevel | EMERGENCY,ALERT,CRITICAL,ERROR,WARNING,NOTICE,INFORMATIONAL |
| dateFormat | MMDDYYYY |
| transport | UDP |
Table 1: Audit-log Action
| Field Name | Parameter |
|---|---|
| Name | Whatever you want, however we suggest NTT_syslog_policy |
| rule | Use the Audit-log action you created above. |
Table 2: Audit-log Policy
For integrations that utilize a Local Collector where we ingest syslog only, you do not need to follow specific steps in the Samurai MDR Application as we auto detect the vendor and product. The only reason you need to use the Samurai MDR Application is if you need to determine the Local Collector IP address. Of course you will still need to ensure the integration is functioning! See Integrations for more information on checking status.