Exploring ICA Login and Logout Records in NetScaler logs

Exploring ICA Login and Logout Records in NetScaler logs

book

Article ID: CTX550269

calendar_today

Updated On:

Description

This article states the essential ICA login and logout records contained within the NetScaler's "/var/log/ns.log."

Instructions


(1) User "staff2" logon ateway,
Filter with keywords: “AAA LOGIN REQ”:
May  6 15:28:29 <local0.debug> <NSIP> 05/06/2023:15:28:29  ns 0-PPE-0 : default AAA Message 36460 0 :  "AAA LOGIN REQ: parsed data; username: <staff2>, pwdlen <Non-Zero>, pwdlen2 <Non-Zero>, flags: <0x40000>, flags3: <0x0>" 

(2) SSO to SF
Filter with keywords: “SSLVPN LOGIN”:
May  6 15:28:29 <local0.info> <NSIP> 05/06/2023:15:28:29  ns 0-PPE-0 : default SSLVPN LOGIN 36493 0 : Context staff2@10.158.247.3 - SessionId: 1767 - User staff2 - Client_ip <client_ip> - Nat_ip "Mapped Ip" - Vserver <VIP>:443 - Browser_type "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36" - SSLVPN_client_type ICA - Group(s) "N/A" 

(3) Launch virtual desktop/application
Filter with keywords: "SSLVPN ICASTART”:
May  6 15:28:44 <local0.info> <NSIP> 05/06/2023:15:28:44  ns 0-PPE-0 : default SSLVPN ICASTART 37373 0 :  Source <client_ip>:54148 - Destination <VDA_ip>:2598 - customername  - username:domainname staff2:test.lab - applicationName Win2012 server $S1-2 - startTime "05/06/2023:15:28:44 " - connectionId 7949858 

(4) Close virtual desktop/application
No record in ns.log.

(5) Logout Gateway
Filter with keywords: “SSLVPN LOGOUT”
May  6 15:29:16 <local0.info><NSIP> 05/06/2023:15:29:16  ns 0-PPE-0 : default SSLVPN LOGOUT 37622 0 : Context staff2@<client_ip> - SessionId: 1767 - User staff2 - Client_ip <client_ip> - Nat_ip "Mapped Ip" - Vserver <VIP>:443 - Start_time "05/06/2023:15:28:29 " - End_time "05/06/2023:15:29:16 " - Duration 00:00:47  - Http_resources_accessed 0 - NonHttp_services_accessed 0 - Total_TCP_connections 69 - Total_UDP_flows 0 - Total_policies_allowed 69 - Total_policies_denied 0 - Total_bytes_send 0 - Total_bytes_recv 678421 - Total_compressedbytes_send 0 - Total_compressedbytes_recv 0 - Compression_ratio_send 0.00% - Compression_ratio_recv 0.00% - LogoutMethod "Explicit" - Group(s) "N/A" 
 

Issue/Introduction

This article states the essential ICA login and logout records contained within the NetScaler's "/var/log/ns.log."
Powered by Wolken Software