Self-service search for Gateway

Use the self-service search feature to get insights into the user events received from the Citrix Gateway data source. When users access their network resources such as file servers, applications, and websites through Citrix Gateway, events are generated for each user connection. Some examples of user events are authentication stage, authorization type, and VPN session code. Citrix Analytics for Security receives these events and displays them on the self-service search page. You can view the users and their access details.

For more information on the search functionalities, see Self-service search.

Select the Gateway data source

To view the Gateway events, select Gateway from the list. By default, the self-service page displays the events for the last day. You can also select the time period for which you want to view the events.


Note

Alternatively, you can access the Self-service search for Gateway page from the Security > Users > Access Summary dashboard. In successful login scenarios, you can access the data by the status code. For more information, see the Access Summary dashboard.

Use the facets to filter events

The facets are categorized based on the events received from your data source. Use the following facets to filter your events:


  • Authentication Stage - Search events based on different stages of client authentication such as primary, secondary, and tertiary.

  • Authentication Type - Search events based on the client authentication types such as Local, RADIUS, LDAP, TACACS, and client certificate authentication, including smart card authentication.

  • Device Agent - Search events based on the client devices such as iPhone, iPad, Windows Mobile.

  • Record Type - Search events based on the types of VPN records. The following VPN record types are available:

    Record type | Description
    VPN_AI | Filters user events related to authentication.
    VPN_IF | Filters user events related to ICA file.
    VPN_ST | Filters user events related to session logout.

  • Browser - Search events based on the browsers such as Internet Explorer, Chrome, Firefox, Safari.

  • OS - Search events based on the client operating systems such as Windows, Mac, Linux, Android, iOS.

  • Status Code - Search events based on the VPN status codes such as SSL redirect response failure, authorization failure, single sign-on failed.

  • Session State - Search events based on the VPN session states such as client state, authorization state, SSO state, application bandwidth update.

  • Session Mode - Search events based on the VPN session modes such as Full tunnel, ICA Proxy, Clientless.

  • SSO Authentication Method - Search events based on different methods of single sign-on authentication such as basic, digest, NTLM, Kerberos, AG basic, form-based SSO.

  • Logout Mode - Search events based on the VPN logout modes such as internal error logout, session time-out logout, user-initiated logout, administrator terminated session.

Specify search query to filter events

Place your cursor in the search box to view the list of dimensions for the Gateway events. Use the dimensions and the operators to specify your query and search for the required events.


For example, suppose you want to view the events for a user “ns133” where the VPN status code is “successful login”.

  1. Enter “user” in the search box to choose the related dimension.


  2. Select User-Name and enter the value “ns133” using the equal operator.


  3. Select the AND operator and then select the Status Code dimension. Enter the string “Successful login” for Status Code using the equal operator.


    To identify the possible string values for Status Code, expand the Status Code filter list and use the filter name as the string in your search query.


  4. Select the time period and click Search to view the events on the DATA table.

Supported values for your search query

Enter the following values for the dimensions to define your search query.

Access-Insight-Flags

Indicates the VPN session states. Enter one of the following flag values:

VPN session state | Flag value
Pre-authentication | 2
Last or final state of nFactor (multi-factor) authentication | 1
Post authentication | 4

Note

This flag is applicable only for the preceding VPN session states for the authentication events. For all other events, the flag value is zero.

Applications-Byte-Consumption

For the Applications-Byte-Consumption dimension, enter the following value:

Value | Type | Description
Examples: 40, 100 | Number | Data (in bytes) consumed by the application that you are using.

Authentication-Servers-IP

For the Authentication-Servers-IP dimension, enter the following value:

Value | Type | Description
Example: 10.xxx.xx.xx | String | IP address of the authentication server.

Authentication-Stage

For the Authentication-Stage dimension, enter the following value:

Value | Type | Description
Primary, Secondary, or Tertiary | String | Different stages of client authentication.

Authentication-Type

For the Authentication-Type dimension, enter the following value:

Value | Type | Description
LDAP, SAML, Local, Radius, TACACS, SAMLIDP, or OTP | String | Authenticate your users through one of the available methods.

Backend-Server-Name

For the Backend-Server-Name dimension, enter the following value:

Value | Type | Description
Example: 10.xxx.xxx.xx | String | IP address of the back end server.

Browser

For the Browser dimension, enter the following value:

Value | Type | Description
PN Agent, Edge, Firefox, Chrome, or Safari | String | Browser used.

City

For the City dimension, enter the following value:

Value | Type | Description
Examples: Boston, Beijing | String | City from where the user has logged on.

Client-IP

For the Client-IP dimension, enter the following value:

Value | Type | Description
Example: 10.xxx.xxx.xx | String | IP address of the user device.

Client-IP-Type

For the Client-IP-Type dimension, enter the following value:

Value | Type | Description
public, private | String | Indicates whether the user IP address is public or private.

Note

The values are case-sensitive. Enter the values in lower case.

Client-Port

For the Client-Port dimension, enter the following value:

Value | Type | Description
Example: 45334 | Number | Port number of the user device.

Country

For the Country dimension, enter the following value:

Value | Type | Description
Examples: United States, India | String | Country from where the user has logged on.

Note

Enclose the value within "" if the value contains spaces. Example: Country = "United States".

Event-Type

For the Event-Type dimension, enter the following value:

Value | Type | Description
Authentication, ICA file, Session logout | String | Type of user events.

Gateway-FQDN

For the Gateway-FQDN dimension, enter the following value:

Value | Type | Description
Example: Gateway-test | String | Domain name of your Citrix Gateway.

Gateway-IP

For the Gateway-IP dimension, enter the following value:

Value | Type | Description
Example: 10.xxx.xxx.xx | String | IP address of your Citrix Gateway.

Gateway-Port

For the Gateway-Port dimension, enter the following value:

Value | Type | Description
Example: 443 | String | Port number of your Citrix Gateway.

Logout-Mode

For the Logout-Mode dimension, enter the following value:

Value | Type | Description
"Internal error", "Inactive time out", "User initiated logout", or "Administrator killed session" | String | Reason for timeout or termination of VPN session.

Note

Enclose the value within “” if the value contains spaces. Example: Logout-Mode = "Internal error".

NetScaler-IP

For the NetScaler-IP dimension, enter the following value:

Value | Type | Description
Example: 10.xxx.xx.xx | String | IP address of your Citrix ADC appliance.

OS

For the OS dimension, enter the following value:

Value | Type | Description
Examples: MAC_OS, WINDOWS | String | Operating system of the user device.

Record Type

For the Record Type dimension, enter the following value:

Value | Type | Description
VPN_AI | String | Indicates user events related to authentication.
VPN_IF | String | Indicates user events related to ICA file.
VPN_ST | String | Indicates user events related to session logout.

SSO-Authentication-Method

For the SSO-Authentication-Method dimension, enter the following value:

Value | Type | Description
NSAUTH_BEARER, NSAUTH_FORM, NSAUTH_CITRIXAGBASIC, NSAUTH_NEGOTIATE, NSAUTH_NTLM, or NSAUTH_BASIC | String | Different methods of single sign-on authentication.

Server-IP

For the Server-IP dimension, enter the following value:

Value | Type | Description
Example: 10.xx.xxx.xx | String | IP address of the back end server.

Server-Port

For the Server-Port dimension, enter the following value:

Value | Type | Description
Example: 47054 | Number | Port number of the back end server.

Session-State

For the Session-State dimension, enter the following value:

Value | Type | Description
"Set Client State", "Authorization State", "SSO State", and "Application Bandwidth Update" | String | The VPN session state.

Note

Enclose the value within “” if the value contains spaces. Example: Session-State = "Set Client State".

Status-Code

For the Status-Code dimension, enter the following value:

Value | Type | Description
"Successful login", "Invalid credentials passed", "Post auth failed and connection quarantined", "Login not permitted", "Maximum login failures reached" | String | The VPN status code.

Note

Enclose the value within "" if the value contains spaces. Example: Status-Code = "Successful login".

User-Agent

For the User-Agent dimension, enter the following value:

Value | Type | Description
IPHONE, IPAD, or WINPHONE | String | The agent or the device used to access the VPN.

VPN-Session-ID

For the VPN-Session-ID dimension, enter the following value:

Value | Type | Description
c2c290c61dfe4e07247bde1e22142a12 | String | Session ID assigned by the server for a user’s VPN session.

VPN-Session-Mode

For the VPN-Session-Mode dimension, enter the following value:

Value | Type | Description
"Full Tunnel", "ICA Proxy", or Clientless | String | Different modes of a user’s VPN session.

Note

Enclose the value within "" if the value contains spaces. Example: VPN-Session-Mode = "Full Tunnel".
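
The query walkthrough and the value tables above can be combined into a small pre-check, shown here as an added example (not Citrix code): a Python helper that validates a value against the values listed on this page, applies the double-quote rule for values with spaces, and renders the query text. Only a subset of dimensions is modelled, and requiring an exact, case-sensitive match for every listed value is an assumption; the page states case sensitivity only for Client-IP-Type.

```python
# Added example, not Citrix code. Values are copied from the tables on this page.
# Assumption: listed values must match exactly (the page states case sensitivity
# only for Client-IP-Type). Only a subset of dimensions is modelled.
ENUM_VALUES = {
    "Authentication-Stage": {"Primary", "Secondary", "Tertiary"},
    "Client-IP-Type": {"public", "private"},  # lower case only
    "Event-Type": {"Authentication", "ICA file", "Session logout"},
    "Logout-Mode": {"Internal error", "Inactive time out",
                    "User initiated logout", "Administrator killed session"},
    "Status-Code": {"Successful login", "Invalid credentials passed",
                    "Post auth failed and connection quarantined",
                    "Login not permitted", "Maximum login failures reached"},
    "VPN-Session-Mode": {"Full Tunnel", "ICA Proxy", "Clientless"},
}
# Dimensions that take free-form strings on this page.
FREE_FORM = {"User-Name", "City", "Country", "Client-IP", "Gateway-FQDN"}


def render_term(dimension, value):
    """Validate one dimension/value pair and render it as `Dimension = value`."""
    if dimension in ENUM_VALUES:
        if value not in ENUM_VALUES[dimension]:
            allowed = ", ".join(sorted(ENUM_VALUES[dimension]))
            raise ValueError(f"{dimension}: {value!r} not in [{allowed}]")
    elif dimension not in FREE_FORM:
        raise ValueError(f"dimension not modelled here: {dimension}")
    if not value or '"' in value:
        # The page gives no escaping rule, so refuse rather than guess.
        raise ValueError(f"{dimension}: empty value or embedded quote")
    # Page rule: enclose the value in double quotes when it contains spaces.
    return f'{dimension} = "{value}"' if " " in value else f"{dimension} = {value}"


def build_query(terms):
    """Join validated terms with the AND operator used in the walkthrough."""
    return " AND ".join(render_term(d, v) for d, v in terms)


def failed_login_queries(user):
    """One query per non-success Status-Code value for the given user."""
    codes = sorted(ENUM_VALUES["Status-Code"] - {"Successful login"})
    return [build_query([("User-Name", user), ("Status-Code", c)]) for c in codes]


if __name__ == "__main__":
    print(build_query([("User-Name", "ns133"), ("Status-Code", "Successful login")]))
    for q in failed_login_queries("ns133"):
        print(q)
```

The page describes only the AND operator, so the failure review is emitted as one query per status code instead of a single combined query.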
