FortiSIEM Discussions
adem_netsys
Contributor

Citrix Netscaler Parser

Does anyone parse user information in the Netscaler parser? Login/off information in particular is needed, but logout user and duration information does not come in the default parser.

24 REPLIES
adem_netsys

I tried it in a different environment and it gave the same result. Could this be due to the attributes you created for the parser?

Rob_SIEM

This parser doesn't make use of any custom attributes not available in 7.2.0. The temporary variables starting with _ such as _duration do not have any impact on valid parsing of the event. This parser also parses the sample logs given so far correctly in a 7.2.0 version of FortiSIEM.

 

There may be something else going on, please open a TAC case to schedule a meeting to review.

 

Thanks,

adem_netsys

@Rob_SIEM 

TAC does not support parser issues.

Rob_SIEM

We will push out this parser change via content update in the next few days. Once available, you can download and install it, and the change should reflect. If the events still are having issues, let them know this is a system parser issue and not a custom parsing request. The case should not be closed.

adem_netsys

Hi @Rob_SIEM,

I continue to get the same error after the new update. I get the error "Failed to execute node: collectAndSetAttrByRegex" for 185 lines. I can share new logs with you if you want. I still haven't received a return for the ticket I opened.
