Share logs to SIEM solutions
About Sharing logs to SIEM solutions
Citrix provides a powershell script that can be used to generate a json file, containting all the relevant events. This json file then can be consumed by your prefered SIEM solution.
Powershell script
Download script
The powershell script can be found here
Create Secure Client
In order to run the script, you will need to create a Secure Client that will give you access to the Citrix APIs. You can follow these instructions on how to create one.
Arguments
The script takes the following as input:
- customer This is your Citrix Cloud Customer Id
- clientId and clientSecret These are the secrets you got when you created your secure client. See Create Secure Client
- timeRange The selected time range. The supported formats are “yyy-MM-dd’T’HH:mm:ss,yyy-MM-dd’T’HH:mm:ss” or “{number of minutes}m”, “{number of hours}h” or “{number of days}d”. For example, 1h will return logs for last one hour.
- outFile The path to the file where the result will be saved
### Example run
Import-Module .\CitrixSecurePrivateAccessLogs.psm1 -Force
$customer="customerid"
$clientId="clientid"
$clientSecret="secret"
$outFile="./logs.json"
$timeRange="7d"
$secureString = convertto-securestring $clientSecret -asplaintext -force
Get-CitrixSecurePrivateAccessLogsforSIEM -customer $customer -clientId $clientId -clientSecret $secureString -timeRange $timeRange -outFile $outFile
<!--NeedCopy-->
About Sharing logs to SIEM solutions
In this article
Copied!
Failed!