DRAFT: Httpaccess logging into Azure Sentinel on Citrix Netscaler

Tested on: 12.0
There is a lot clout about the Citrix vulnerability Citrixmash cve-2019-19781 (Citrix netscaler issue) and the thread is seriously going over the news daily now.

If you have Citrix Netscaler / ADC running you might want to get more visibility the traffic of your nodes.

To help you collect httpaccess log and gain insight, in this blog I will cover how you can send the httpaccess logs to your Log Analytics agent. From there youso you can monitor it from Log Analytics and Sentinel.

To deploy this solution you do not have to reboot your Netscaler. You just have to restart Apache which will happen in a split second. You can remove the changes the same way without a reboot.

Continue reading “DRAFT: Httpaccess logging into Azure Sentinel on Citrix Netscaler”